ID

VAR-202010-0403


CVE

CVE-2020-1672


TITLE

Juniper Networks Junos OS input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-012202

DESCRIPTION

On Juniper Networks Junos OS devices configured with DHCPv6 relay enabled, receipt of a specific DHCPv6 packet might crash the jdhcpd daemon. The jdhcpd daemon automatically restarts without intervention, but continuous receipt of specific crafted DHCP messages will repeatedly crash jdhcpd, leading to an extended Denial of Service (DoS) condition. Only DHCPv6 packets can trigger this issue; DHCPv4 packets cannot. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2. Juniper Networks Junos OS contains an input validation vulnerability that may put the device into a denial of service (DoS) state. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in Junos OS that could allow an attacker to trigger a fatal error through the DHCPv6 relay, triggering a denial of service.

Trust: 1.8

sources: NVD: CVE-2020-1672 // JVNDB: JVNDB-2020-012202 // VULHUB: VHN-169826 // VULMON: CVE-2020-1672

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 17.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.3

Trust: 1.0

vendor: Juniper Networks, model: junos os, scope: eq, version: -

Trust: 0.8

vendor: Juniper Networks, model: junos os, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-012202 // NVD: CVE-2020-1672

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1672
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2020-1672
value: HIGH

Trust: 1.0

NVD: CVE-2020-1672
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-673
value: HIGH

Trust: 0.6

VULHUB: VHN-169826
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-1672
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-1672
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-169826
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sirt@juniper.net: CVE-2020-1672
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2020-012202
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-169826 // VULMON: CVE-2020-1672 // JVNDB: JVNDB-2020-012202 // CNNVD: CNNVD-202010-673 // NVD: CVE-2020-1672 // NVD: CVE-2020-1672

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Improper Input Validation (CWE-20) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-169826 // JVNDB: JVNDB-2020-012202 // NVD: CVE-2020-1672

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-673

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202010-673

PATCH

title: JSA11069, url: https://kb.juniper.net/JSA11069

Trust: 0.8

title: Juniper Networks Junos OS input validation error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131304

Trust: 0.6

sources: JVNDB: JVNDB-2020-012202 // CNNVD: CNNVD-202010-673

EXTERNAL IDS

db: NVD, id: CVE-2020-1672

Trust: 2.6

db: JUNIPER, id: JSA11069

Trust: 1.8

db: JVNDB, id: JVNDB-2020-012202

Trust: 0.8

db: CNNVD, id: CNNVD-202010-673

Trust: 0.7

db: AUSCERT, id: ESB-2020.3749

Trust: 0.6

db: CNVD, id: CNVD-2020-59743

Trust: 0.1

db: VULHUB, id: VHN-169826

Trust: 0.1

db: VULMON, id: CVE-2020-1672

Trust: 0.1

sources: VULHUB: VHN-169826 // VULMON: CVE-2020-1672 // JVNDB: JVNDB-2020-012202 // CNNVD: CNNVD-202010-673 // NVD: CVE-2020-1672

REFERENCES

url:https://kb.juniper.net/jsa11069

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-1672

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2020.3749/

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-denial-of-service-via-dhcpv6-relay-33589

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/189878

Trust: 0.1

sources: VULHUB: VHN-169826 // VULMON: CVE-2020-1672 // JVNDB: JVNDB-2020-012202 // CNNVD: CNNVD-202010-673 // NVD: CVE-2020-1672

SOURCES

db: VULHUB, id: VHN-169826
db: VULMON, id: CVE-2020-1672
db: JVNDB, id: JVNDB-2020-012202
db: CNNVD, id: CNNVD-202010-673
db: NVD, id: CVE-2020-1672

LAST UPDATE DATE

2024-08-14T14:38:18.744000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-169826, date: 2022-01-01T00:00:00
db: VULMON, id: CVE-2020-1672, date: 2020-10-27T00:00:00
db: JVNDB, id: JVNDB-2020-012202, date: 2021-04-27T05:33:00
db: CNNVD, id: CNNVD-202010-673, date: 2022-01-04T00:00:00
db: NVD, id: CVE-2020-1672, date: 2022-01-01T17:35:42.047

SOURCES RELEASE DATE

db: VULHUB, id: VHN-169826, date: 2020-10-16T00:00:00
db: VULMON, id: CVE-2020-1672, date: 2020-10-16T00:00:00
db: JVNDB, id: JVNDB-2020-012202, date: 2021-04-27T00:00:00
db: CNNVD, id: CNNVD-202010-673, date: 2020-10-15T00:00:00
db: NVD, id: CVE-2020-1672, date: 2020-10-16T21:15:13.147