ID

VAR-202010-0385


CVE

CVE-2020-1656


TITLE

Juniper Networks Junos OS Input confirmation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-012190

DESCRIPTION

The DHCPv6 Relay-Agent service, part of the Juniper Enhanced jdhcpd daemon shipped with Juniper Networks Junos OS, has an Improper Input Validation vulnerability which will result in a Denial of Service (DoS) condition when a DHCPv6 client sends a specific DHCPv6 message, allowing an attacker to potentially perform a Remote Code Execution (RCE) attack on the target device. Continuous receipt of the specific DHCPv6 client message will result in an extended Denial of Service (DoS) condition. If adjacent devices are also configured to relay DHCP packets, are not affected by this issue, and simply forward unprocessed client DHCPv6 messages transparently, then the attack vector can be a Network-based attack instead of an Adjacent-device attack. No other DHCP services are affected. Receipt of the packet without configuration of the DHCPv6 Relay-Agent service will not result in exploitability of this issue. This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95; 14.1X53 versions prior to 14.1X53-D53; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S7; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R3-S3; 17.2X75 versions prior to 17.2X75-D44; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R2-S6, 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D435, 18.2X75-D60; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2; 19.3 versions prior to 19.3R2.
Juniper Networks Junos OS contains an input confirmation vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. Juniper Networks Junos OS is a network operating system from Juniper Networks dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in Junos OS that could be exploited by an attacker to run code through the DHCPv6 relay agent.

Trust: 1.8

sources: NVD: CVE-2020-1656 // JVNDB: JVNDB-2020-012190 // VULHUB: VHN-169650 // VULMON: CVE-2020-1656

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 15.1x53

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 12.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 14.1x53

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1x49

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 16.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 16.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.2x75

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.2x75

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 12.3x48

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1

Trust: 1.0

vendor: ジュニパーネットワークス (Juniper Networks), model: junos os, scope: eq, version: -

Trust: 0.8

vendor: ジュニパーネットワークス (Juniper Networks), model: junos os, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-012190 // NVD: CVE-2020-1656

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1656
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2020-1656
value: HIGH

Trust: 1.0

NVD: CVE-2020-1656
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-661
value: HIGH

Trust: 0.6

VULHUB: VHN-169650
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-1656
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-1656
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-169650
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sirt@juniper.net: CVE-2020-1656
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2020-012190
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-169650 // VULMON: CVE-2020-1656 // JVNDB: JVNDB-2020-012190 // CNNVD: CNNVD-202010-661 // NVD: CVE-2020-1656 // NVD: CVE-2020-1656

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:CWE-476

Trust: 1.0

problemtype:Incorrect input confirmation (CWE-20) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-169650 // JVNDB: JVNDB-2020-012190 // NVD: CVE-2020-1656

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202010-661

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202010-661

PATCH

title: DHCPv6 Relay Agent Security Bulletin, url: https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-dhcpv6-relay-statistics.html

Trust: 0.8

title: Juniper Networks Junos OS Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=130734

Trust: 0.6

sources: JVNDB: JVNDB-2020-012190 // CNNVD: CNNVD-202010-661

EXTERNAL IDS

db: NVD, id: CVE-2020-1656

Trust: 2.6

db: JUNIPER, id: JSA11049

Trust: 1.8

db: JVNDB, id: JVNDB-2020-012190

Trust: 0.8

db: AUSCERT, id: ESB-2020.3562

Trust: 0.6

db: CNNVD, id: CNNVD-202010-661

Trust: 0.6

db: CNVD, id: CNVD-2020-64000

Trust: 0.1

db: VULHUB, id: VHN-169650

Trust: 0.1

db: VULMON, id: CVE-2020-1656

Trust: 0.1

sources: VULHUB: VHN-169650 // VULMON: CVE-2020-1656 // JVNDB: JVNDB-2020-012190 // CNNVD: CNNVD-202010-661 // NVD: CVE-2020-1656

REFERENCES

url:https://kb.juniper.net/jsa11049

Trust: 1.8

url:https://www.juniper.net/documentation/en_us/junos/topics/reference/command-summary/show-dhcpv6-relay-statistics.html

Trust: 1.8

url:https://www.juniper.net/documentation/en_us/junos/topics/topic-map/dhcp-relay-agent-security-devices.html

Trust: 1.8

url:https://www.juniper.net/documentation/en_us/junos/topics/topic-map/dhcpv6-relay-agent-overview.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-1656

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2020.3562/

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-code-execution-via-dhcpv6-relay-agent-33576

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/189896

Trust: 0.1

sources: VULHUB: VHN-169650 // VULMON: CVE-2020-1656 // JVNDB: JVNDB-2020-012190 // CNNVD: CNNVD-202010-661 // NVD: CVE-2020-1656

SOURCES

db: VULHUB, id: VHN-169650
db: VULMON, id: CVE-2020-1656
db: JVNDB, id: JVNDB-2020-012190
db: CNNVD, id: CNNVD-202010-661
db: NVD, id: CVE-2020-1656

LAST UPDATE DATE

2024-11-23T22:05:25.731000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-169650, date: 2021-02-05T00:00:00
db: VULMON, id: CVE-2020-1656, date: 2020-10-27T00:00:00
db: JVNDB, id: JVNDB-2020-012190, date: 2021-04-27T05:33:00
db: CNNVD, id: CNNVD-202010-661, date: 2020-10-28T00:00:00
db: NVD, id: CVE-2020-1656, date: 2024-11-21T05:11:06.020

SOURCES RELEASE DATE

db: VULHUB, id: VHN-169650, date: 2020-10-16T00:00:00
db: VULMON, id: CVE-2020-1656, date: 2020-10-16T00:00:00
db: JVNDB, id: JVNDB-2020-012190, date: 2021-04-27T00:00:00
db: CNNVD, id: CNNVD-202010-661, date: 2020-10-15T00:00:00
db: NVD, id: CVE-2020-1656, date: 2020-10-16T21:15:12.083