ID

VAR-202010-0716


CVE

CVE-2020-1684


TITLE

Resource exhaustion vulnerability in Junos OS running on Juniper Networks SRX Series

Trust: 0.8

sources: JVNDB: JVNDB-2020-012634

DESCRIPTION

On Juniper Networks SRX Series configured with application identification inspection enabled, receipt of specific HTTP traffic can cause high CPU load utilization, which could lead to traffic interruption. Application identification is enabled by default and is automatically turned on when Intrusion Detection and Prevention (IDP), AppFW, AppQoS, or AppTrack is configured. Thus, this issue might occur when IDP, AppFW, AppQoS, or AppTrack is configured. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D105; 15.1X49 versions prior to 15.1X49-D221, 15.1X49-D230; 17.4 versions prior to 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S5, 18.4R3-S1; 19.1 versions prior to 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2.

Junos OS running on Juniper Networks SRX Series is vulnerable to resource exhaustion and may be put into a denial-of-service (DoS) state.

Juniper Networks Junos OS SRX is a network operating system from Juniper Networks dedicated to the company's hardware equipment. The operating system provides a secure programming interface and the Junos SDK. A security vulnerability exists in Junos OS SRX that an attacker could exploit to trigger an overload through application identification, resulting in a denial of service.

Trust: 1.8

sources: NVD: CVE-2020-1684 // JVNDB: JVNDB-2020-012634 // VULHUB: VHN-169958 // VULMON: CVE-2020-1684

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 18.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 12.3x48

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1x49

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.3

Trust: 1.0

vendor: Juniper Networks, model: junos os, scope: eq, version: -

Trust: 0.8

vendor: Juniper Networks, model: junos os, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-012634 // NVD: CVE-2020-1684

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1684
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2020-1684
value: HIGH

Trust: 1.0

NVD: CVE-2020-1684
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-686
value: HIGH

Trust: 0.6

VULHUB: VHN-169958
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-1684
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-1684
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-169958
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-1684
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2020-012634
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-169958 // VULMON: CVE-2020-1684 // JVNDB: JVNDB-2020-012634 // CNNVD: CNNVD-202010-686 // NVD: CVE-2020-1684 // NVD: CVE-2020-1684

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Resource exhaustion (CWE-400) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-169958 // JVNDB: JVNDB-2020-012634 // NVD: CVE-2020-1684

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-686

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202010-686

PATCH

title: JSA11081, url: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11081&actp=METADATA

Trust: 0.8

title: Juniper Networks Junos OS SRX Remediation of resource management error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131309

Trust: 0.6

title: -, url: https://github.com/ExpLangcn/FuYao-Go

Trust: 0.1

sources: VULMON: CVE-2020-1684 // JVNDB: JVNDB-2020-012634 // CNNVD: CNNVD-202010-686

EXTERNAL IDS

db: NVD, id: CVE-2020-1684

Trust: 2.6

db: JUNIPER, id: JSA11081

Trust: 1.7

db: JVNDB, id: JVNDB-2020-012634

Trust: 0.8

db: CNNVD, id: CNNVD-202010-686

Trust: 0.7

db: AUSCERT, id: ESB-2020.3737

Trust: 0.6

db: VULHUB, id: VHN-169958

Trust: 0.1

db: VULMON, id: CVE-2020-1684

Trust: 0.1

sources: VULHUB: VHN-169958 // VULMON: CVE-2020-1684 // JVNDB: JVNDB-2020-012634 // CNNVD: CNNVD-202010-686 // NVD: CVE-2020-1684

REFERENCES

url:https://kb.juniper.net/jsa11081

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-1684

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2020.3737/

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-srx-overload-via-http-application-identification-33722

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-srx-overload-via-application-identification-33598

Trust: 0.6

sources: VULHUB: VHN-169958 // JVNDB: JVNDB-2020-012634 // CNNVD: CNNVD-202010-686 // NVD: CVE-2020-1684

SOURCES

db: VULHUB, id: VHN-169958
db: VULMON, id: CVE-2020-1684
db: JVNDB, id: JVNDB-2020-012634
db: CNNVD, id: CNNVD-202010-686
db: NVD, id: CVE-2020-1684

LAST UPDATE DATE

2024-08-14T15:38:19.611000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-169958, date: 2022-01-01T00:00:00
db: VULMON, id: CVE-2020-1684, date: 2022-01-01T00:00:00
db: JVNDB, id: JVNDB-2020-012634, date: 2021-05-18T04:55:00
db: CNNVD, id: CNNVD-202010-686, date: 2022-01-04T00:00:00
db: NVD, id: CVE-2020-1684, date: 2022-01-01T17:36:52.713

SOURCES RELEASE DATE

db: VULHUB, id: VHN-169958, date: 2020-10-16T00:00:00
db: VULMON, id: CVE-2020-1684, date: 2020-10-16T00:00:00
db: JVNDB, id: JVNDB-2020-012634, date: 2021-05-18T00:00:00
db: CNNVD, id: CNNVD-202010-686, date: 2020-10-15T00:00:00
db: NVD, id: CVE-2020-1684, date: 2020-10-16T21:15:14.097