ID

VAR-202010-0719


CVE

CVE-2020-1686


TITLE

Juniper Networks Junos OS  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-012136

DESCRIPTION

On Juniper Networks Junos OS devices, receipt of a malformed IPv6 packet may cause the system to crash and restart (vmcore). This issue can be trigged by a malformed IPv6 packet destined to the Routing Engine. An attacker can repeatedly send the offending packet resulting in an extended Denial of Service condition. Only IPv6 packets can trigger this issue. IPv4 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS 18.4 versions prior to 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS prior to 18.4R1. The operating system provides a secure programming interface and Junos SDK

Trust: 1.8

sources: NVD: CVE-2020-1686 // JVNDB: JVNDB-2020-012136 // VULHUB: VHN-169980 // VULMON: CVE-2020-1686

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:19.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.3

Trust: 1.0

vendor:ジュニパーネットワークスmodel:junos osscope:eqversion: -

Trust: 0.8

vendor:ジュニパーネットワークスmodel:junos osscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-012136 // NVD: CVE-2020-1686

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1686
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2020-1686
value: HIGH

Trust: 1.0

NVD: CVE-2020-1686
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-688
value: HIGH

Trust: 0.6

VULHUB: VHN-169980
value: HIGH

Trust: 0.1

VULMON: CVE-2020-1686
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-1686
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-169980
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sirt@juniper.net: CVE-2020-1686
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2020-012136
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-169980 // VULMON: CVE-2020-1686 // JVNDB: JVNDB-2020-012136 // CNNVD: CNNVD-202010-688 // NVD: CVE-2020-1686 // NVD: CVE-2020-1686

PROBLEMTYPE DATA

problemtype:CWE-415

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-012136 // NVD: CVE-2020-1686

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-688

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202010-688

PATCH

title:JSA11083url:https://kb.juniper.net/JSA11083

Trust: 0.8

title:Juniper Networks Junos OS Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131310

Trust: 0.6

sources: JVNDB: JVNDB-2020-012136 // CNNVD: CNNVD-202010-688

EXTERNAL IDS

db:NVDid:CVE-2020-1686

Trust: 2.6

db:JUNIPERid:JSA11083

Trust: 1.8

db:JVNDBid:JVNDB-2020-012136

Trust: 0.8

db:CNNVDid:CNNVD-202010-688

Trust: 0.7

db:CNVDid:CNVD-2020-63215

Trust: 0.1

db:VULHUBid:VHN-169980

Trust: 0.1

db:VULMONid:CVE-2020-1686

Trust: 0.1

sources: VULHUB: VHN-169980 // VULMON: CVE-2020-1686 // JVNDB: JVNDB-2020-012136 // CNNVD: CNNVD-202010-688 // NVD: CVE-2020-1686

REFERENCES

url:https://kb.juniper.net/jsa11083

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-1686

Trust: 1.4

url:https://vigilance.fr/vulnerability/junos-os-denial-of-service-via-ipv6-33724

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-denial-of-service-via-ipv6-33600

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/189882

Trust: 0.1

sources: VULHUB: VHN-169980 // VULMON: CVE-2020-1686 // JVNDB: JVNDB-2020-012136 // CNNVD: CNNVD-202010-688 // NVD: CVE-2020-1686

SOURCES

db:VULHUBid:VHN-169980
db:VULMONid:CVE-2020-1686
db:JVNDBid:JVNDB-2020-012136
db:CNNVDid:CNNVD-202010-688
db:NVDid:CVE-2020-1686

LAST UPDATE DATE

2024-08-14T15:22:32.294000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-169980date:2022-10-19T00:00:00
db:VULMONid:CVE-2020-1686date:2020-11-02T00:00:00
db:JVNDBid:JVNDB-2020-012136date:2021-04-26T07:28:00
db:CNNVDid:CNNVD-202010-688date:2020-11-03T00:00:00
db:NVDid:CVE-2020-1686date:2022-10-19T17:21:45.080

SOURCES RELEASE DATE

db:VULHUBid:VHN-169980date:2020-10-16T00:00:00
db:VULMONid:CVE-2020-1686date:2020-10-16T00:00:00
db:JVNDBid:JVNDB-2020-012136date:2021-04-26T00:00:00
db:CNNVDid:CNNVD-202010-688date:2020-10-15T00:00:00
db:NVDid:CVE-2020-1686date:2020-10-16T21:15:14.257