ID

VAR-202010-0388


CVE

CVE-2020-1661


TITLE

Juniper Networks Junos OS vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-012192

DESCRIPTION

On Juniper Networks Junos OS devices configured as a DHCP forwarder, the Juniper Networks Dynamic Host Configuration Protocol Daemon (jdhcpd) process might crash when receiving a malformed DHCP packet. This issue only affects devices configured as a DHCP forwarder with the forward-only option, which forwards specified DHCP client packets without creating a new subscriber session. The jdhcpd daemon automatically restarts without intervention, but continuous receipt of the malformed DHCP packet will repeatedly crash jdhcpd, leading to an extended Denial of Service (DoS) condition. This issue can be triggered only by DHCPv4; it cannot be triggered by DHCPv6.

This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S16; 12.3X48 versions prior to 12.3X48-D105 on SRX Series; 14.1X53 versions prior to 14.1X53-D60 on EX and QFX Series; 15.1 versions prior to 15.1R7-S7; 15.1X49 versions prior to 15.1X49-D221, 15.1X49-D230 on SRX Series; 15.1X53 versions prior to 15.1X53-D593 on EX2300/EX3400; 16.1 versions prior to 16.1R7-S5.

An unspecified vulnerability exists in Juniper Networks Junos OS devices. The device may be put into a denial of service (DoS) state. Junos OS is the network operating system that Juniper Networks dedicates to the company's hardware equipment. The operating system provides a secure programming interface and the Junos SDK. There is a security vulnerability in Junos OS that can be exploited by an attacker to trigger a fatal error through jdhcpd, thereby triggering a denial of service.

Trust: 1.8

sources: NVD: CVE-2020-1661 // JVNDB: JVNDB-2020-012192 // VULHUB: VHN-169705 // VULMON: CVE-2020-1661

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 15.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 12.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 12.3x48

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1x49

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 14.1x53

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1x53

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 16.1

Trust: 1.0

vendor: Juniper Networks, model: junos os, scope: eq, version: -

Trust: 0.8

vendor: Juniper Networks, model: junos os, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-012192 // NVD: CVE-2020-1661

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1661
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2020-1661
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-1661
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202010-663
value: MEDIUM

Trust: 0.6

VULHUB: VHN-169705
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-1661
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-1661
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-169705
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sirt@juniper.net: CVE-2020-1661
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2020-012192
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-169705 // VULMON: CVE-2020-1661 // JVNDB: JVNDB-2020-012192 // CNNVD: CNNVD-202010-663 // NVD: CVE-2020-1661 // NVD: CVE-2020-1661

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-012192 // NVD: CVE-2020-1661

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-663

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-663

PATCH

title: JSA11056, url: https://kb.juniper.net/JSA11056

Trust: 0.8

title: Juniper Networks Junos OS Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=130736

Trust: 0.6

sources: JVNDB: JVNDB-2020-012192 // CNNVD: CNNVD-202010-663

EXTERNAL IDS

db: NVD, id: CVE-2020-1661

Trust: 2.6

db: JUNIPER, id: JSA11056

Trust: 1.8

db: JVNDB, id: JVNDB-2020-012192

Trust: 0.8

db: CNNVD, id: CNNVD-202010-663

Trust: 0.7

db: AUSCERT, id: ESB-2020.3571

Trust: 0.6

db: VULHUB, id: VHN-169705

Trust: 0.1

db: VULMON, id: CVE-2020-1661

Trust: 0.1

sources: VULHUB: VHN-169705 // VULMON: CVE-2020-1661 // JVNDB: JVNDB-2020-012192 // CNNVD: CNNVD-202010-663 // NVD: CVE-2020-1661

REFERENCES

url:https://kb.juniper.net/jsa11056

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-1661

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2020.3571/

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-denial-of-service-via-jdhcpd-33579

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/189899

Trust: 0.1

sources: VULHUB: VHN-169705 // VULMON: CVE-2020-1661 // JVNDB: JVNDB-2020-012192 // CNNVD: CNNVD-202010-663 // NVD: CVE-2020-1661

SOURCES

db: VULHUB, id: VHN-169705
db: VULMON, id: CVE-2020-1661
db: JVNDB, id: JVNDB-2020-012192
db: CNNVD, id: CNNVD-202010-663
db: NVD, id: CVE-2020-1661

LAST UPDATE DATE

2024-11-23T23:04:15.058000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-169705, date: 2020-10-26T00:00:00
db: VULMON, id: CVE-2020-1661, date: 2020-10-26T00:00:00
db: JVNDB, id: JVNDB-2020-012192, date: 2021-04-27T05:33:00
db: CNNVD, id: CNNVD-202010-663, date: 2020-10-27T00:00:00
db: NVD, id: CVE-2020-1661, date: 2024-11-21T05:11:06.487

SOURCES RELEASE DATE

db: VULHUB, id: VHN-169705, date: 2020-10-16T00:00:00
db: VULMON, id: CVE-2020-1661, date: 2020-10-16T00:00:00
db: JVNDB, id: JVNDB-2020-012192, date: 2021-04-27T00:00:00
db: CNNVD, id: CNNVD-202010-663, date: 2020-10-15T00:00:00
db: NVD, id: CVE-2020-1661, date: 2020-10-16T21:15:12.363