Details of VAR-202010-0403

ID

VAR-202010-0403

CVE

CVE-2020-1672

TITLE

Juniper Networks Junos OS Input confirmation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-012202

DESCRIPTION

On Juniper Networks Junos OS devices configured with DHCPv6 relay enabled, receipt of a specific DHCPv6 packet might crash the jdhcpd daemon. The jdhcpd daemon automatically restarts without intervention, but continuous receipt of specific crafted DHCP messages will repeatedly crash jdhcpd, leading to an extended Denial of Service (DoS) condition. Only DHCPv6 packet can trigger this issue. DHCPv4 packet cannot trigger this issue. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2. Juniper Networks Junos OS Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in Junos OS that could allow an attacker to trigger a fatal error through the DHCPv6 relay, triggering a denial of service

Trust: 1.8

sources: NVD: CVE-2020-1672 // JVNDB: JVNDB-2020-012202 // VULHUB: VHN-169826 // VULMON: CVE-2020-1672

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	17.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	17.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	20.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.3	Trust: 1.0
vendor:	ジュニパーネットワークス	model:	junos os	scope:	eq	version:	-	Trust: 0.8
vendor:	ジュニパーネットワークス	model:	junos os	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-012202 // NVD: CVE-2020-1672

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-1672
value:	MEDIUM
Trust: 1.0
sirt@juniper.net:	CVE-2020-1672
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-1672
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202010-673
value:	HIGH
Trust: 0.6
VULHUB:	VHN-169826
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-1672
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-1672
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-169826
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sirt@juniper.net:	CVE-2020-1672
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2020-012202
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-169826 // VULMON: CVE-2020-1672 // JVNDB: JVNDB-2020-012202 // CNNVD: CNNVD-202010-673 // NVD: CVE-2020-1672 // NVD: CVE-2020-1672

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Incorrect input confirmation (CWE-20) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-169826 // JVNDB: JVNDB-2020-012202 // NVD: CVE-2020-1672

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-673

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202010-673

PATCH

title:	JSA11069	url:	https://kb.juniper.net/JSA11069	Trust: 0.8
title:	Juniper Networks Junos OS Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131304	Trust: 0.6

sources: JVNDB: JVNDB-2020-012202 // CNNVD: CNNVD-202010-673

EXTERNAL IDS

db:	NVD	id:	CVE-2020-1672	Trust: 2.6
db:	JUNIPER	id:	JSA11069	Trust: 1.8
db:	JVNDB	id:	JVNDB-2020-012202	Trust: 0.8
db:	CNNVD	id:	CNNVD-202010-673	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3749	Trust: 0.6
db:	CNVD	id:	CNVD-2020-59743	Trust: 0.1
db:	VULHUB	id:	VHN-169826	Trust: 0.1
db:	VULMON	id:	CVE-2020-1672	Trust: 0.1

sources: VULHUB: VHN-169826 // VULMON: CVE-2020-1672 // JVNDB: JVNDB-2020-012202 // CNNVD: CNNVD-202010-673 // NVD: CVE-2020-1672

REFERENCES

url:	https://kb.juniper.net/jsa11069	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1672	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3749/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/junos-os-denial-of-service-via-dhcpv6-relay-33589	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/189878	Trust: 0.1

sources: VULHUB: VHN-169826 // VULMON: CVE-2020-1672 // JVNDB: JVNDB-2020-012202 // CNNVD: CNNVD-202010-673 // NVD: CVE-2020-1672

SOURCES

db:	VULHUB	id:	VHN-169826
db:	VULMON	id:	CVE-2020-1672
db:	JVNDB	id:	JVNDB-2020-012202
db:	CNNVD	id:	CNNVD-202010-673
db:	NVD	id:	CVE-2020-1672

LAST UPDATE DATE

2024-08-14T14:38:18.744000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-169826	date:	2022-01-01T00:00:00
db:	VULMON	id:	CVE-2020-1672	date:	2020-10-27T00:00:00
db:	JVNDB	id:	JVNDB-2020-012202	date:	2021-04-27T05:33:00
db:	CNNVD	id:	CNNVD-202010-673	date:	2022-01-04T00:00:00
db:	NVD	id:	CVE-2020-1672	date:	2022-01-01T17:35:42.047

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-169826	date:	2020-10-16T00:00:00
db:	VULMON	id:	CVE-2020-1672	date:	2020-10-16T00:00:00
db:	JVNDB	id:	JVNDB-2020-012202	date:	2021-04-27T00:00:00
db:	CNNVD	id:	CNNVD-202010-673	date:	2020-10-15T00:00:00
db:	NVD	id:	CVE-2020-1672	date:	2020-10-16T21:15:13.147