ID

VAR-202010-1526


CVE

CVE-2020-1681


TITLE

Juniper Networks Junos OS Evolved Vulnerability in handling exceptional conditions in

Trust: 0.8

sources: JVNDB: JVNDB-2020-012133

DESCRIPTION

Receipt of a specifically malformed NDP packet sent from the local area network (LAN) to a device running Juniper Networks Junos OS Evolved can cause the ndp process to crash, resulting in a Denial of Service (DoS). The process automatically restarts without intervention, but continuous receipt of the malformed NDP packets could lead to an extended Denial of Service condition. During this time, IPv6 neighbor learning will be affected. The issue occurs when parsing the incoming malformed NDP packet. Rather than simply discarding the packet, the process asserts, performing a controlled exit and restart, thereby avoiding any chance of an unhandled exception. Exploitation of this vulnerability is limited to a temporary denial of service, and cannot be leveraged to cause additional impact on the system. This issue is limited to the processing of IPv6 NDP packets. IPv4 packet processing cannot trigger, and is unaffected by, this vulnerability. This issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO. Junos OS is unaffected by this vulnerability. The operating system provides a secure programming interface and Junos SDK. Junos OS Evolved is an upgraded version of Junos OS. Attackers can use this vulnerability to send malicious NDP packets to trigger denial of service.

Trust: 1.8

sources: NVD: CVE-2020-1681 // JVNDB: JVNDB-2020-012133 // VULHUB: VHN-169925 // VULMON: CVE-2020-1681

AFFECTED PRODUCTS

vendor: juniper, model: junos os evolved, scope: eq, version: 19.3

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 19.4

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 19.2

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 20.1

Trust: 1.0

vendor: Juniper Networks, model: junos os evolved, scope: eq, version: -

Trust: 0.8

vendor: Juniper Networks, model: junos os evolved, scope: lt, version: 20.1r2-evo less than

Trust: 0.8

sources: JVNDB: JVNDB-2020-012133 // NVD: CVE-2020-1681

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1681
value: LOW

Trust: 1.0

sirt@juniper.net: CVE-2020-1681
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-1681
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202010-682
value: MEDIUM

Trust: 0.6

VULHUB: VHN-169925
value: LOW

Trust: 0.1

VULMON: CVE-2020-1681
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-1681
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-169925
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sirt@juniper.net: CVE-2020-1681
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2020-012133
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-169925 // VULMON: CVE-2020-1681 // JVNDB: JVNDB-2020-012133 // CNNVD: CNNVD-202010-682 // NVD: CVE-2020-1681 // NVD: CVE-2020-1681

PROBLEMTYPE DATA

problemtype:CWE-617

Trust: 1.1

problemtype:CWE-755

Trust: 1.1

problemtype:Improper handling in exceptional conditions (CWE-755) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-169925 // JVNDB: JVNDB-2020-012133 // NVD: CVE-2020-1681

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202010-682

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-682

PATCH

title: JSA11078, url: https://kb.juniper.net/JSA11078

Trust: 0.8

title: Juniper Networks Junos OS Evolved Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=130752

Trust: 0.6

sources: JVNDB: JVNDB-2020-012133 // CNNVD: CNNVD-202010-682

EXTERNAL IDS

db: NVD, id: CVE-2020-1681

Trust: 2.6

db: JUNIPER, id: JSA11078

Trust: 1.8

db: JVNDB, id: JVNDB-2020-012133

Trust: 0.8

db: CNNVD, id: CNNVD-202010-682

Trust: 0.7

db: AUSCERT, id: ESB-2020.3732

Trust: 0.6

db: CNVD, id: CNVD-2020-63944

Trust: 0.1

db: VULHUB, id: VHN-169925

Trust: 0.1

db: VULMON, id: CVE-2020-1681

Trust: 0.1

sources: VULHUB: VHN-169925 // VULMON: CVE-2020-1681 // JVNDB: JVNDB-2020-012133 // CNNVD: CNNVD-202010-682 // NVD: CVE-2020-1681

REFERENCES

url:https://kb.juniper.net/jsa11078

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-1681

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2020.3732/

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-evolved-denial-of-service-via-ndp-33719

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-evolved-denial-of-service-via-ndp-33595

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/755.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/189908

Trust: 0.1

sources: VULHUB: VHN-169925 // VULMON: CVE-2020-1681 // JVNDB: JVNDB-2020-012133 // CNNVD: CNNVD-202010-682 // NVD: CVE-2020-1681

SOURCES

db: VULHUB, id: VHN-169925
db: VULMON, id: CVE-2020-1681
db: JVNDB, id: JVNDB-2020-012133
db: CNNVD, id: CNNVD-202010-682
db: NVD, id: CVE-2020-1681

LAST UPDATE DATE

2024-11-23T22:25:19.893000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-169925, date: 2022-10-21T00:00:00
db: VULMON, id: CVE-2020-1681, date: 2020-10-28T00:00:00
db: JVNDB, id: JVNDB-2020-012133, date: 2021-04-26T07:28:00
db: CNNVD, id: CNNVD-202010-682, date: 2022-10-24T00:00:00
db: NVD, id: CVE-2020-1681, date: 2024-11-21T05:11:09.087

SOURCES RELEASE DATE

db: VULHUB, id: VHN-169925, date: 2020-10-16T00:00:00
db: VULMON, id: CVE-2020-1681, date: 2020-10-16T00:00:00
db: JVNDB, id: JVNDB-2020-012133, date: 2021-04-26T00:00:00
db: CNNVD, id: CNNVD-202010-682, date: 2020-10-15T00:00:00
db: NVD, id: CVE-2020-1681, date: 2020-10-16T21:15:13.847