ID

VAR-202007-1426


CVE

CVE-2020-1648


TITLE

Input validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-008317

DESCRIPTION

On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific BGP packet can lead to a routing process daemon (RPD) crash and restart. This issue can occur even before the BGP session with the peer is established. Repeated receipt of this specific BGP packet can result in an extended Denial of Service (DoS) condition.

This issue affects Juniper Networks Junos OS: 18.2X75 versions starting from 18.2X75-D50.8, 18.2X75-D60 and later versions, prior to 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70; 19.4 versions 19.4R1 and 19.4R1-S1; 20.1 versions prior to 20.1R1-S2, 20.1R2.

This issue affects Juniper Networks Junos OS Evolved: 19.4-EVO versions prior to 19.4R2-S2-EVO; 20.1-EVO versions prior to 20.1R2-EVO.

This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1; Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO.

The operating system provides a secure programming interface and Junos SDK. Junos OS Evolved is an upgraded version of Junos OS. An attacker could exploit this vulnerability to cause the Routing Process Daemon (RPD) to crash and restart.

Trust: 1.71

sources: NVD: CVE-2020-1648 // JVNDB: JVNDB-2020-008317 // VULHUB: VHN-169562

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 19.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.1

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 20.1

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 19.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.2x75

Trust: 1.0

vendor: juniper, model: junos os, scope: -, version: -

Trust: 0.8

vendor: juniper, model: junos os evolved, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-008317 // NVD: CVE-2020-1648

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1648
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2020-1648
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-008317
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202007-417
value: HIGH

Trust: 0.6

VULHUB: VHN-169562
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-1648
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008317
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-169562
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-1648
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-008317
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-169562 // JVNDB: JVNDB-2020-008317 // CNNVD: CNNVD-202007-417 // NVD: CVE-2020-1648 // NVD: CVE-2020-1648

PROBLEMTYPE DATA

problemtype:CWE-159

Trust: 1.0

problemtype:CWE-690

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

problemtype:CWE-20

Trust: 0.1

sources: VULHUB: VHN-169562 // JVNDB: JVNDB-2020-008317 // NVD: CVE-2020-1648

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-417

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202007-417

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008317

PATCH

title: JSA11035, url: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11035&actp=METADATA

Trust: 0.8

title: Fix for the Juniper Networks Junos OS input validation error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124865

Trust: 0.6

sources: JVNDB: JVNDB-2020-008317 // CNNVD: CNNVD-202007-417

EXTERNAL IDS

db: NVD, id: CVE-2020-1648

Trust: 2.5

db: JUNIPER, id: JSA11035

Trust: 1.7

db: JVNDB, id: JVNDB-2020-008317

Trust: 0.8

db: CNNVD, id: CNNVD-202007-417

Trust: 0.7

db: CNVD, id: CNVD-2020-49038

Trust: 0.1

db: VULHUB, id: VHN-169562

Trust: 0.1

sources: VULHUB: VHN-169562 // JVNDB: JVNDB-2020-008317 // CNNVD: CNNVD-202007-417 // NVD: CVE-2020-1648

REFERENCES

url:https://kb.juniper.net/jsa11035

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-1648

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1648

Trust: 0.8

url:https://vigilance.fr/vulnerability/junos-os-denial-of-service-via-bgp-32775

Trust: 0.6

sources: VULHUB: VHN-169562 // JVNDB: JVNDB-2020-008317 // CNNVD: CNNVD-202007-417 // NVD: CVE-2020-1648

SOURCES

db: VULHUB, id: VHN-169562
db: JVNDB, id: JVNDB-2020-008317
db: CNNVD, id: CNNVD-202007-417
db: NVD, id: CVE-2020-1648

LAST UPDATE DATE

2024-11-23T22:37:20.370000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-169562, date: 2022-01-01T00:00:00
db: JVNDB, id: JVNDB-2020-008317, date: 2020-09-08T00:00:00
db: CNNVD, id: CNNVD-202007-417, date: 2022-01-04T00:00:00
db: NVD, id: CVE-2020-1648, date: 2024-11-21T05:11:04.770

SOURCES RELEASE DATE

db: VULHUB, id: VHN-169562, date: 2020-07-17T00:00:00
db: JVNDB, id: JVNDB-2020-008317, date: 2020-09-08T00:00:00
db: CNNVD, id: CNNVD-202007-417, date: 2020-07-09T00:00:00
db: NVD, id: CVE-2020-1648, date: 2020-07-17T19:15:13.267