Details of VAR-202010-0719

ID

VAR-202010-0719

CVE

CVE-2020-1686

TITLE

Juniper Networks Junos OS Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-012136

DESCRIPTION

On Juniper Networks Junos OS devices, receipt of a malformed IPv6 packet may cause the system to crash and restart (vmcore). This issue can be trigged by a malformed IPv6 packet destined to the Routing Engine. An attacker can repeatedly send the offending packet resulting in an extended Denial of Service condition. Only IPv6 packets can trigger this issue. IPv4 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS 18.4 versions prior to 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS prior to 18.4R1. The operating system provides a secure programming interface and Junos SDK

Trust: 1.8

sources: NVD: CVE-2020-1686 // JVNDB: JVNDB-2020-012136 // VULHUB: VHN-169980 // VULMON: CVE-2020-1686

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	19.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.3	Trust: 1.0
vendor:	ジュニパーネットワークス	model:	junos os	scope:	eq	version:	-	Trust: 0.8
vendor:	ジュニパーネットワークス	model:	junos os	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-012136 // NVD: CVE-2020-1686

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-1686
value:	HIGH
Trust: 1.0
sirt@juniper.net:	CVE-2020-1686
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-1686
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202010-688
value:	HIGH
Trust: 0.6
VULHUB:	VHN-169980
value:	HIGH
Trust: 0.1
VULMON:	CVE-2020-1686
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-1686
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-169980
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sirt@juniper.net:	CVE-2020-1686
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2020-012136
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-169980 // VULMON: CVE-2020-1686 // JVNDB: JVNDB-2020-012136 // CNNVD: CNNVD-202010-688 // NVD: CVE-2020-1686 // NVD: CVE-2020-1686

PROBLEMTYPE DATA

problemtype:	CWE-415	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-012136 // NVD: CVE-2020-1686

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-688

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202010-688

PATCH

title:	JSA11083	url:	https://kb.juniper.net/JSA11083	Trust: 0.8
title:	Juniper Networks Junos OS Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131310	Trust: 0.6

sources: JVNDB: JVNDB-2020-012136 // CNNVD: CNNVD-202010-688

EXTERNAL IDS

db:	NVD	id:	CVE-2020-1686	Trust: 2.6
db:	JUNIPER	id:	JSA11083	Trust: 1.8
db:	JVNDB	id:	JVNDB-2020-012136	Trust: 0.8
db:	CNNVD	id:	CNNVD-202010-688	Trust: 0.7
db:	CNVD	id:	CNVD-2020-63215	Trust: 0.1
db:	VULHUB	id:	VHN-169980	Trust: 0.1
db:	VULMON	id:	CVE-2020-1686	Trust: 0.1

sources: VULHUB: VHN-169980 // VULMON: CVE-2020-1686 // JVNDB: JVNDB-2020-012136 // CNNVD: CNNVD-202010-688 // NVD: CVE-2020-1686

REFERENCES

url:	https://kb.juniper.net/jsa11083	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1686	Trust: 1.4
url:	https://vigilance.fr/vulnerability/junos-os-denial-of-service-via-ipv6-33724	Trust: 0.6
url:	https://vigilance.fr/vulnerability/junos-os-denial-of-service-via-ipv6-33600	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/189882	Trust: 0.1

sources: VULHUB: VHN-169980 // VULMON: CVE-2020-1686 // JVNDB: JVNDB-2020-012136 // CNNVD: CNNVD-202010-688 // NVD: CVE-2020-1686

SOURCES

db:	VULHUB	id:	VHN-169980
db:	VULMON	id:	CVE-2020-1686
db:	JVNDB	id:	JVNDB-2020-012136
db:	CNNVD	id:	CNNVD-202010-688
db:	NVD	id:	CVE-2020-1686

LAST UPDATE DATE

2024-08-14T15:22:32.294000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-169980	date:	2022-10-19T00:00:00
db:	VULMON	id:	CVE-2020-1686	date:	2020-11-02T00:00:00
db:	JVNDB	id:	JVNDB-2020-012136	date:	2021-04-26T07:28:00
db:	CNNVD	id:	CNNVD-202010-688	date:	2020-11-03T00:00:00
db:	NVD	id:	CVE-2020-1686	date:	2022-10-19T17:21:45.080

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-169980	date:	2020-10-16T00:00:00
db:	VULMON	id:	CVE-2020-1686	date:	2020-10-16T00:00:00
db:	JVNDB	id:	JVNDB-2020-012136	date:	2021-04-26T00:00:00
db:	CNNVD	id:	CNNVD-202010-688	date:	2020-10-15T00:00:00
db:	NVD	id:	CVE-2020-1686	date:	2020-10-16T21:15:14.257