admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 05:58:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

juniper 2020-07-08

Browse Source
This commit is contained in:
Matthew Paulsen 2020-07-14 14:44:20 -06:00
parent 755dea97bf
commit 01dc1aeb8e
15 changed files with 2593 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

227
2020/1xxx/CVE-2020-1640.json Normal file
View File

@ -0,0 +1,227 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-07-08T15:00:00.000Z",
"ID": "CVE-2020-1640",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Receipt of certain genuine BGP packets from any BGP Speaker causes RPD to crash. "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "16.1",
"version_value": "16.1R7-S6"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R7-S8"
},
{
"version_affected": ">=",
"version_name": "17.3",
"version_value": "17.3R2-S5, 17.3R3-S6"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S8"
},
{
"version_affected": ">=",
"version_name": "17.4",
"version_value": "17.4R2-S7, 17.4R3"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S11, 17.4R3-S2"
},
{
"version_affected": ">=",
"version_name": "18.1",
"version_value": "18.1R3-S7"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S10"
},
{
"version_affected": ">=",
"version_name": "18.2",
"version_value": "18.2R2-S6, 18.2R3-S2"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2-S7, 18.2R3-S5"
},
{
"version_affected": ">=",
"version_name": "18.2X75",
"version_value": "18.2X75-D12, 18.2X75-D32, 18.2X75-D33, 18.2X75-D51, 18.2X75-D60, 18.2X75-D411, 18.2X75-D420"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D32, 18.2X75-D33, 18.2X75-D420, 18.2X75-D52, 18.2X75-D60, 18.2X75-D65, 18.2X75-D70"
},
{
"version_affected": ">=",
"version_name": "18.3",
"version_value": "18.3R1-S6, 18.3R2-S3, 18.3R3"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R2-S4, 18.3R3-S2"
},
{
"version_affected": ">=",
"version_name": "18.4",
"version_value": "18.4R1-S5, 18.4R2-S4, 18.4R3"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R1-S7, 18.4R3-S3"
},
{
"version_affected": ">=",
"version_name": "19.1",
"version_value": "19.1R1-S3, 19.1R2"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R1-S5, 19.1R2-S2, 19.1R3-S2"
},
{
"version_affected": ">=",
"version_name": "19.2",
"version_value": "19.2R1-S2, 19.2R2"
},
{
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R2, 19.2R3"
},
{
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2-S3, 19.3R3"
},
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R1-S2, 19.4R2, 19.4R3"
},
{
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R1-S1, 20.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon allows an attacker to crash RPD thereby causing a Denial of Service (DoS) condition. This framework requires these packets to be passed. By continuously sending any of these types of formatted genuine packets, an attacker can repeatedly crash the RPD process causing a sustained Denial of Service. Authentication to the BGP peer is not required.\n\nThis issue can be initiated or propagated through eBGP and iBGP and can impact devices in either modes of use as long as the devices are configured to support the compromised framework and a BGP path is activated or active. \n\nThis issue affects:\nJuniper Networks Junos OS\n16.1 versions 16.1R7-S6 and later versions prior to 16.1R7-S8;\n17.3 versions 17.3R2-S5, 17.3R3-S6 and later versions prior to 17.3R3-S8;\n17.4 versions 17.4R2-S7, 17.4R3 and later versions prior to 17.4R2-S11, 17.4R3-S2;\n18.1 versions 18.1R3-S7 and later versions prior to 18.1R3-S10;\n18.2 versions 18.2R2-S6, 18.2R3-S2 and later versions prior to 18.2R2-S7, 18.2R3-S5;\n18.2X75 versions 18.2X75-D12, 18.2X75-D32, 18.2X75-D33, 18.2X75-D51, 18.2X75-D60, 18.2X75-D411, 18.2X75-D420 and later versions prior to 18.2X75-D32, 18.2X75-D33, 18.2X75-D420, 18.2X75-D52, 18.2X75-D60, 18.2X75-D65, 18.2X75-D70;(*1) \n18.3 versions 18.3R1-S6, 18.3R2-S3, 18.3R3 and later versions prior to 18.3R2-S4, 18.3R3-S2;\n18.4 versions 18.4R1-S5, 18.4R2-S4, 18.4R3 and later versions prior to 18.4R1-S7, 18.4R2-S5, 18.4R3-S3(*2);\n19.1 versions 19.1R1-S3, 19.1R2 and later versions prior to 19.1R1-S5, 19.1R2-S2, 19.1R3-S2;\n19.2 versions 19.2R1-S2, 19.2R2 and later versions prior to 19.2R1-S5, 19.2R2, 19.2R3;\n19.3 versions prior to 19.3R2-S3, 19.3R3;\n19.4 versions prior to 19.4R1-S2, 19.4R2, 19.4R3;\n20.1 versions prior to 20.1R1-S1, 20.1R2.\n\nThis issue does not affect Junos OS prior to 16.1R1.\n\nThis issue affects IPv4 and IPv6 traffic. "
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1173: Improper Use of Validation Framework (4.0)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11024"
}
]
},
"solution": [
{
"lang": "eng",
"value": " The following software releases have been updated to resolve this specific issue: 16.1R7-S8, 17.3R3-S8, 17.4R2-S11, 17.4R3-S2, 18.1R3-S10, 18.2R2-S7, 18.2R3-S5, 18.2X75-D32, 18.2X75-D33, 18.2X75-D420, 18.2X75-D52, 18.2X75-D60, 18.2X75-D65, 18.2X75-D70;(*1), 18.3R2-S4, 18.3R3-S2, 18.4R1-S7, 18.4R2-S5, 18.4R3-S3(*2), 19.1R1-S5, 19.1R2-S2, 19.1R3-S2, 19.2R1-S5, 19.2R2, 19.2R3, 19.3R2-S3, 19.3R3, 19.4R1-S2, 19.4R2, 19.4R3, 20.1R1-S1, 20.1R2, 20.2R1, and subsequent releases.\n\n*1: For 18.2X75 customers. Please speak with your account manager regarding applicable respin release identifiers for affected-to to affected-from, and resolved-in release targets.\n\n*2: Pending publication. \n"
}
],
"source": {
"advisory": "JSA11024",
"defect": [
"1497721"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no available workarounds for this issue."
}
]
}

198
2020/1xxx/CVE-2020-1641.json Normal file
View File

@ -0,0 +1,198 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-07-08T15:00:00.000Z",
"ID": "CVE-2020-1641",
"STATE": "PUBLIC",
"TITLE": "Junos OS: A race condition on receipt of crafted LLDP packets leads to a memory leak and an LLDP crash."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "12.3",
"version_value": "12.3R12-S15"
},
{
"version_affected": "<",
"version_name": "12.3X48",
"version_value": "12.3X48-D95"
},
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1R7-S6"
},
{
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D200"
},
{
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D593"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R7-S7"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S11, 17.1R3-S2"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S9, 17.2R3-S3"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R2-S5, 17.3R3-S6"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S4, 17.4R3"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S5"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2-S7, 18.2R3"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D12, 18.2X75-D33, 18.2X75-D50, 18.2X75-D420"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S7, 18.3R2-S3, 18.3R3"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R1-S5, 18.4R2"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R1-S4, 19.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The following minimal configuration is required:\n [protocols lldp]\n \n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Race Condition vulnerability in Juniper Networks Junos OS LLDP implementation allows an attacker to cause LLDP to crash leading to a Denial of Service (DoS). This issue occurs when crafted LLDP packets are received by the device from an adjacent device. Multiple LACP flaps will occur after LLDP crashes.\n\nAn indicator of compromise is to evaluate log file details for lldp with RLIMIT. \nIntervention should occur before 85% threshold of used KB versus maximum available KB memory is reached.\n\n show log messages | match RLIMIT | match lldp | last 20 \n \nMatching statement is \" /kernel: %KERNEL-[number]: Process ([pid #],lldpd) has exceeded 85% of RLIMIT_DATA: \" with [] as variable data to evaluate for. \n\n\n\nThis issue affects:\nJuniper Networks Junos OS:\n12.3 versions prior to 12.3R12-S15;\n12.3X48 versions prior to 12.3X48-D95;\n15.1 versions prior to 15.1R7-S6;\n15.1X49 versions prior to 15.1X49-D200;\n15.1X53 versions prior to 15.1X53-D593;\n16.1 versions prior to 16.1R7-S7;\n17.1 versions prior to 17.1R2-S11, 17.1R3-S2;\n17.2 versions prior to 17.2R1-S9, 17.2R3-S3;\n17.3 versions prior to 17.3R2-S5, 17.3R3-S6;\n17.4 versions prior to 17.4R2-S4, 17.4R3;\n18.1 versions prior to 18.1R3-S5;\n18.2 versions prior to 18.2R2-S7, 18.2R3;\n18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D50, 18.2X75-D420;\n18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3;\n18.4 versions prior to 18.4R1-S5, 18.4R2;\n19.1 versions prior to 19.1R1-S4, 19.1R2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11027"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S15, 12.3X48-D95, 15.1R7-S6, 15.1X49-D200, 15.1X53-D593, 16.1R7-S7, 16.1R7-S7, 17.1R2-S11, 17.1R3-S2, 17.2R1-S9, 17.2R3-S3, 17.3R2-S5, 17.3R3-S6, 17.4R2-S4, 17.4R3, 18.1R3-S5, 18.2R2-S7, 18.2R3, 18.2X75-D33, 18.2X75-D50, 18.2X75-D420, 18.3R1-S7, 18.3R2-S3, 18.3R3, 18.4R1-S5, 18.4R2, 19.1R1-S4, 19.1R2, 19.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11027",
"defect": [
"1410239"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "Customers may disable LLDP \"protocol lldp\" or apply firewall filters to block LLDP traffic on ingress interfaces. \n\nThere are no other known workarounds. \n"
}
]
}

181
2020/1xxx/CVE-2020-1643.json Normal file
View File

@ -0,0 +1,181 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-07-08T16:00:00.000Z",
"ID": "CVE-2020-1643",
"STATE": "PUBLIC",
"TITLE": "Junos OS: EX Series: RPD crash when executing specific \"show ospf interface\" commands from the CLI with OSPF authentication configured"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "12.3X48",
"version_value": "12.3X48-D100"
},
{
"version_affected": "<",
"version_name": "14.1X53",
"version_value": "14.1X53-D140, 14.1X53-D54"
},
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1R7-S7"
},
{
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D210"
},
{
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D593"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R7-S8"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S12"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R3-S4"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S8"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S2, 17.4R3"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S2"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2, 18.2R3"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D40"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S2, 18.3R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "An example of a vulnerable configuration with OSPF authentication enabled is shown below:\n\n area 0.0.0.0 {\n interface ae0.0 {\n authentication {\n md5 0 key \"$9$XyZzYxYzZyXyZzYxYzZy\"; ## SECRET-DATA\n }\n }\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Execution of the \"show ospf interface extensive\" or \"show ospf interface detail\" CLI commands on a Juniper Networks device running Junos OS may cause the routing protocols process (RPD) to crash and restart if OSPF interface authentication is configured, leading to a Denial of Service (DoS). By continuously executing the same CLI commands, a local attacker can repeatedly crash the RPD process causing a sustained Denial of Service.\n\nNote: Only systems utilizing ARM processors, found on the EX2300 and EX3400, are vulnerable to this issue. Systems shipped with other processor architectures are not vulnerable to this issue. The processor architecture can be displayed via the 'uname -a' command. For example:\n\nARM (vulnerable):\n % uname -a | awk '{print $NF}'\n arm\n\nPowerPC (not vulnerable):\n % uname -a | awk '{print $NF}'\n powerpc\n\nAMD (not vulnerable):\n % uname -a | awk '{print $NF}'\n amd64\n\nIntel (not vulnerable):\n % uname -a | awk '{print $NF}'\n i386\n\nThis issue affects Juniper Networks Junos OS:\n12.3X48 versions prior to 12.3X48-D100;\n14.1X53 versions prior to 14.1X53-D140, 14.1X53-D54;\n15.1 versions prior to 15.1R7-S7;\n15.1X49 versions prior to 15.1X49-D210;\n15.1X53 versions prior to 15.1X53-D593;\n16.1 versions prior to 16.1R7-S8;\n17.1 versions prior to 17.1R2-S12;\n17.2 versions prior to 17.2R3-S4;\n17.3 versions prior to 17.3R3-S8;\n17.4 versions prior to 17.4R2-S2, 17.4R3;\n18.1 versions prior to 18.1R3-S2;\n18.2 versions prior to 18.2R2, 18.2R3;\n18.2X75 versions prior to 18.2X75-D40;\n18.3 versions prior to 18.3R1-S2, 18.3R2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-755 Improper Handling of Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11030",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11030"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 12.3X48-D100, 14.1X53-D140, 14.1X53-D54, 15.1R7-S7, 15.1X49-D210, 15.1X53-D593, 16.1R7-S8, 17.1R2-S12, 17.2R3-S4, 17.3R3-S8, 17.4R2-S2, 17.4R3, 18.1R3-S2, 18.2R2, 18.2X75-D40, 18.3R1-S2, 18.3R2, 18.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11030",
"defect": [
"1385014"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "Limit access to the Junos CLI and shell to only trusted administrators.\n\nRestrict access to \"show ospf interface extensive\" or \"show ospf interface detail\" via command authorization until an upgrade can be performed."
}
]
}

196
2020/1xxx/CVE-2020-1644.json Normal file
View File

@ -0,0 +1,196 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-07-08T07:00:00.000Z",
"ID": "CVE-2020-1644",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: RPD crash due to specific BGP UPDATE packets"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "17.2X75",
"version_value": "17.2X75-D105.19"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S8"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S10, 17.4R3-S2"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S10"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2-S7, 18.2R3-S4"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D13, 18.2X75-D411.1, 18.2X75-D420.18, 18.2X75-D52.3, 18.2X75-D60"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R2-S4, 18.3R3-S2"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R1-S7, 18.4R2-S4, 18.4R3-S2"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R1-S5, 19.1R2-S1, 19.1R3"
},
{
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R2"
},
{
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2-S2, 19.3R3"
},
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R1-S2, 19.4R2"
},
{
"version_affected": "!<=",
"version_value": "17.3R1"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "19.2-EVO",
"version_value": "19.2-EVO"
},
{
"version_affected": "=",
"version_name": "19.3-EVO",
"version_value": "19.3-EVO"
},
{
"version_affected": "=",
"version_name": "19.4-EVO",
"version_value": "19.4-EVO"
},
{
"version_affected": "<",
"version_name": "20.1-EVO",
"version_value": "20.1R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt of a specific BGP UPDATE packet causes an internal counter to be incremented incorrectly, which over time can lead to the routing protocols process (RPD) crash and restart.\n\nThis issue affects both IBGP and EBGP multihop deployment in IPv4 or IPv6 network.\n\n\nThis issue affects:\nJuniper Networks Junos OS:\n17.2X75 versions prior to 17.2X75-D105.19;\n17.3 versions prior to 17.3R3-S8;\n17.4 versions prior to 17.4R2-S10, 17.4R3-S2;\n18.1 versions prior to 18.1R3-S10;\n18.2 versions prior to 18.2R2-S7, 18.2R3-S4;\n18.2X75 versions prior to 18.2X75-D13, 18.2X75-D411.1, 18.2X75-D420.18, 18.2X75-D52.3, 18.2X75-D60;\n18.3 versions prior to 18.3R2-S4, 18.3R3-S2;\n18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S2;\n19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3;\n19.2 versions prior to 19.2R1-S5, 19.2R2;\n19.3 versions prior to 19.3R2-S2, 19.3R3;\n19.4 versions prior to 19.4R1-S2, 19.4R2.\n\nJuniper Networks Junos OS Evolved: any releases prior to 20.1R2-EVO.\n\nThis issue does not affect Juniper Networks Junos OS releases prior to 17.3R1.\n"
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-703 Improper Check or Handling of Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11032",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11032"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 17.2X75-D105.19, 17.3R3-S8, 17.4R2-S10, 17.4R3-S2, 18.1R3-S10, 18.2R2-S7, 18.2R3-S4, 18.2X75-D13, 18.2X75-D411.1, 18.2X75-D420.18, 18.2X75-D52.3, 18.2X75-D60, 18.3R2-S4, 18.3R3-S2, 18.4R1-S7, 18.4R2-S4, 18.4R3-S2, 19.1R1-S5, 19.1R2-S1, 19.1R3, 19.2R1-S5, 19.2R2, 19.3R2-S2, 19.3R3, 19.4R1-S2, 19.4R2, 20.1R1 and all subsequent releases.\n\nJunos OS Evolved: 20.1R2-EVO, 20.2R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11032",
"defect": [
"1481641"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no available workarounds for this issue."
}
]
}

176
2020/1xxx/CVE-2020-1645.json Normal file
View File

@ -0,0 +1,176 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-07-08T07:00:00.000Z",
"ID": "CVE-2020-1645",
"STATE": "PUBLIC",
"TITLE": "Junos OS: MX Series: Services card might restart when DNS filtering is enabled"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "MX Series",
"version_affected": "!<",
"version_value": "17.3R2"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S8"
},
{
"platform": "MX Series",
"version_affected": "!",
"version_name": "17.4",
"version_value": "17.4"
},
{
"platform": "MX Series",
"version_affected": "!",
"version_name": "18.1",
"version_value": "18.1"
},
{
"platform": "MX Series",
"version_affected": "!",
"version_name": "18.2",
"version_value": "18.2"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R2-S4, 18.3R3-S1"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2-S5, 18.4R3"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R2-S2, 19.1R3"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R2"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2-S3, 19.3R3"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R1-S3, 19.4R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The example of the configuration stanza affected by this issue is as follows:\n [services service-set <SERVICE-SET-NAME>]\n user@host# set web-filter-profile <PROFILE_NAME>\n\nused in combination with: \n [services web-filter profile <PROFILE_NAME>]\n user@host# set dns-filter-template <TEMPLATE_NAME>\n\n\n\n\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing \"URL Filtering service\", may crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process.\n\nIf the issue occurs, system core-dumps output will show a crash of mspmand process:\n root@device> show system core-dumps\n -rw-rw---- 1 nobody wheel 575685123 <Date> /var/tmp/pics/mspmand.core.<*>.gz\n\nThis issue affects Juniper Networks Junos OS:\n17.3 versions prior to 17.3R3-S8;\n18.3 versions prior to 18.3R2-S4, 18.3R3-S1;\n18.4 versions prior to 18.4R2-S5, 18.4R3;\n19.1 versions prior to 19.1R2-S2, 19.1R3;\n19.2 versions prior to 19.2R1-S5, 19.2R2;\n19.3 versions prior to 19.3R2-S3, 19.3R3;\n19.4 versions prior to 19.4R1-S3, 19.4R2.\n\nThis issue does not affect Juniper Networks Junos OS releases prior to 17.3R2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11028",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11028"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 18.3R2-S4, 18.3R3-S1, 18.4R2-S5, 18.4R3, 19.1R2-S2, 19.1R3, 19.2R1-S5, 19.2R2, 19.3R2-S3, 19.3R3, 19.4R1-S3, 19.4R2, 20.1R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11028",
"defect": [
"1474056"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}

144
2020/1xxx/CVE-2020-1646.json Normal file
View File

@ -0,0 +1,144 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-07-08T04:00:00.000Z",
"ID": "CVE-2020-1646",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: RPD crash while processing a specific BGP update information."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "17.3",
"version_value": "17.3R3-S6"
},
{
"version_affected": "=",
"version_name": "17.4",
"version_value": "17.4R2-S7"
},
{
"version_affected": "=",
"version_name": "18.1",
"version_value": "18.1R3-S7"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "19.2-EVO",
"version_value": "19.2R2-EVO"
},
{
"version_affected": "<",
"version_value": "19.3R1-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific UPDATE for an EBGP peer can lead to a routing process daemon (RPD) crash and restart.\n\nThis issue occurs only when the device is receiving and processing the BGP UPDATE for an EBGP peer.\nThis issue does not occur when the device is receiving and processing the BGP UPDATE for an IBGP peer.\nHowever, the offending BGP UPDATE can originally come from an EBGP peer, propagates through the network via IBGP peers without causing crash, then it causes RPD crash when it is processed for a BGP UPDATE towards an EBGP peer.\n\nRepeated receipt and processing of the same specific BGP UPDATE can result in an extended Denial of Service (DoS) condition.\n\nThis issue affects:\nJuniper Networks Junos OS: 17.3R3-S6, 17.4R2-S7, and 18.1R3-S7.\nJuniper Networks Junos OS Evolved 19.2R2-EVO and later versions, prior to 19.3R1-EVO.\n\nOther Junos OS releases are not affected."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-159 Failure to Sanitize Special Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11033",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11033"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 17.3R3-S7, 17.4R2-S8, 18.1R3-S8, and all subsequent releases.\nThis fix has been proactively committed to other Junos OS releases that are not vulnerable to this issue.\n\nJunos OS Evolved: 19.3R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11033",
"defect": [
"1448425"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no available workarounds for this issue."
}
]
}

158
2020/1xxx/CVE-2020-1647.json Normal file
View File

@ -0,0 +1,158 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-07-08T07:00:00.000Z",
"ID": "CVE-2020-1647",
"STATE": "PUBLIC",
"TITLE": "Junos OS: SRX Series: Double free vulnerability can lead to DoS or remote code execution due to the processing of a specific HTTP message when ICAP redirect service is enabled "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX Series",
"version_affected": "!<",
"version_value": "18.1R1"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S9"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R3-S3"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R2-S4, 18.3R3-S1"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2-S5, 18.4R3"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R2"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S2, 19.2R2"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "This issue may occur only when ICAP Redirect Service is enabled.\n\nThe examples of minimum config stanza affected by this issue: \n [services icap-redirect profile <ICAP_PROFILE_NAME>]\nin combination with: \n [security policies from-zone <ZONE_NAME> to-zone <ZONE_NAME> policy <POLICY_NAME> then permit application-services <ICAP_PROFILE_NAME>]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, a double free vulnerability can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) due to processing of a specific HTTP message.\n\nContinued processing of this specific HTTP message may result in an extended Denial of Service (DoS).\n\nThe offending HTTP message that causes this issue may originate both from the HTTP server or the client.\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\n18.1 versions prior to 18.1R3-S9;\n18.2 versions prior to 18.2R3-S3;\n18.3 versions prior to 18.3R2-S4, 18.3R3-S1;\n18.4 versions prior to 18.4R2-S5, 18.4R3;\n19.1 versions prior to 19.1R2;\n19.2 versions prior to 19.2R1-S2, 19.2R2;\n19.3 versions prior to 19.3R2.\n\nThis issue does not affect Juniper Networks Junos OS prior to 18.1R1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-415 Double Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11034",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11034"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 18.1R3-S9, 18.2R3-S3, 18.3R2-S4, 18.3R3-S1, 18.4R2-S5, 18.4R3, 19.1R2, 19.2R1-S2, 19.2R2, 19.3R2, 19.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11034",
"defect": [
"1465286"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "Disable ICAP redirect service otherwise there are no viable workarounds for this issue."
}
]
}

165
2020/1xxx/CVE-2020-1648.json Normal file
View File

@ -0,0 +1,165 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-07-08T07:00:00.000Z",
"ID": "CVE-2020-1648",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: RPD crash when processing a specific BGP packet"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "18.2X75",
"version_value": "18.2X75-D50.8 18.2X75-D60"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70"
},
{
"version_affected": "!<",
"version_name": "19.4",
"version_value": "19.4R1"
},
{
"version_affected": ">=",
"version_name": "19.4",
"version_value": "19.4R1"
},
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R1-S2, 19.4R2"
},
{
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R1-S2, 20.1R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "!<",
"version_name": "19.4-EVO",
"version_value": "19.4R1-EVO"
},
{
"version_affected": "<",
"version_name": "19.4-EVO",
"version_value": "19.4R2-S2-EVO"
},
{
"version_affected": "<",
"version_name": "20.1-EVO",
"version_value": "20.1R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific BGP packet can lead to a routing process daemon (RPD) crash and restart.\n\nThis issue can occur even before the BGP session with the peer is established.\n\nRepeated receipt of this specific BGP packet can result in an extended Denial of Service (DoS) condition.\n\nThis issue affects:\nJuniper Networks Junos OS:\n18.2X75 versions starting from 18.2X75-D50.8, 18.2X75-D60 and later versions, prior to 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70;\n19.4 versions 19.4R1 and 19.4R1-S1;\n20.1 versions prior to 20.1R1-S2, 20.1R2.\n\nJuniper Networks Junos OS Evolved:\n19.4-EVO versions prior to 19.4R2-S2-EVO;\n20.1-EVO versions prior to 20.1R2-EVO.\n\nThis issue does not affect:\nJuniper Networks Junos OS releases prior to 19.4R1.\nJuniper Networks Junos OS Evolved releases prior to 19.4R1-EVO."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-159 Failure to Sanitize Special Element"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-690 Unchecked Return Value to NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11035",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11035"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60.2, 18.2X75-D65.1, 18.2X75-D70, 19.4R1-S2, 19.4R2, 20.1R1-S2, 20.1R2, 20.2R1, and all subsequent releases.\n\nJunos OS Evolved: 19.4R2-S2-EVO, 20.1R2-EVO, 20.2R1-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA11035",
"defect": [
"1502327"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue. "
}
]
}

187
2020/1xxx/CVE-2020-1649.json Normal file
View File

@ -0,0 +1,187 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-07-08T16:00:00.000Z",
"ID": "CVE-2020-1649",
"STATE": "PUBLIC",
"TITLE": "Junos OS: MX Series: PFE crash on MPC7/8/9 upon receipt of small fragments requiring reassembly"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "MX Series",
"version_affected": "!<",
"version_value": "17.2"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R3-S4"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S8"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S9, 17.4R3-S1"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S10"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2-S6, 18.2R3-S3"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D34, 18.2X75-D41, 18.2X75-D53, 18.2X75-D65, 18.2X75-D430"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S7, 18.3R2-S4, 18.3R3-S2"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R1-S6, 18.4R2-S4, 18.4R3"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R1-S4, 19.1R2-S1, 19.1R3"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S3, 19.2R2"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2-S2, 19.3R3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "A sample configuration for enabling inline IP reassembly is shown below:\n\n set chassis fpc 8 pic 0 inline-services bandwidth 100g\n\nNote: Explicitly specifying a bandwidth for L2TP LNS tunnel traffic using inline services is not required. When a bandwidth is not specified, the maximum bandwidth supported on the PIC is automatically available for the inline services."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of small fragments requiring reassembly, generating the following error messages:\n\n [LOG: Err] MQSS(2): WO: Packet Error - Error Packets 1, Connection 29\n [LOG: Err] eachip_hmcif_rx_intr_handler(7259): EA[2:0]: HMCIF Rx: Injected checksum error detected on WO response - Chunk Address 0x0\n [LOG: Err] MQSS(2): DRD: RORD1: CMD reorder ID error - Command 11, Reorder ID 1960, QID 0\n [LOG: Err] MQSS(2): DRD: UNROLL0: HMC chunk address error in stage 5 - Chunk Address: 0xc38fb1\n [LOG: Notice] Error: /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc), scope: pfe, category: functional, severity: major, module: MQSS(2), type: DRD_RORD_ENG_INT: CMD FSM State Error\n [LOG: Notice] Performing action cmalarm for error /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(2) with scope: pfe category: functional level: major\n [LOG: Notice] Performing action get-state for error /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(2) with scope: pfe category: functional level: major\n [LOG: Notice] Performing action disable-pfe for error /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(2) with scope: pfe category: functional level: major\n\nBy continuously sending fragmented packets that cannot be reassembled, an attacker can repeatedly disable the PFE causing a sustained Denial of Service (DoS).\n\n\n\nThis issue affects Juniper Networks Junos OS:\n17.2 versions prior to 17.2R3-S4 on MX Series;\n17.3 versions prior to 17.3R3-S8 on MX Series;\n17.4 versions prior to 17.4R2-S9, 17.4R3-S1 on MX Series;\n18.1 versions prior to 18.1R3-S10 on MX Series;\n18.2 versions prior to 18.2R2-S6, 18.2R3-S3 on MX Series;\n18.2X75 versions prior to 18.2X75-D34, 18.2X75-D41, 18.2X75-D53, 18.2X75-D65, 18.2X75-D430 on MX Series;\n18.3 versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S2 on MX Series;\n18.4 versions prior to 18.4R1-S6, 18.4R2-S4, 18.4R3 on MX Series;\n19.1 versions prior to 19.1R1-S4, 19.1R2-S1, 19.1R3 on MX Series;\n19.2 versions prior to 19.2R1-S3, 19.2R2 on MX Series;\n19.3 versions prior to 19.3R2-S2, 19.3R3 on MX Series.\n\nThis issue is specific to inline IP reassembly, introduced in Junos OS 17.2. Versions of Junos OS prior to 17.2 are unaffected by this vulnerability.\n\n"
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11036",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11036"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/topic-map/l2tp-lns-inline-service-interfaces.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/topic-map/l2tp-lns-inline-service-interfaces.html"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 17.2R3-S4, 17.3R3-S8, 17.4R2-S9, 17.4R3-S1, 18.1R3-S10, 18.2R2-S6, 18.2R3-S3, 18.2X75-D34, 18.2X75-D41, 18.2X75-D53, 18.2X75-D65, 18.2X75-D430, 18.3R1-S7, 18.3R2-S4, 18.3R3-S2, 18.4R1-S6, 18.4R2-S4, 18.4R3, 19.1R1-S4, 19.1R2-S1, 19.1R3, 19.2R1-S3, 19.2R2, 19.3R2-S2, 19.3R3, 19.4R1, 19.4R2, 20.1R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11036",
"defect": [
"1465490"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no available workarounds for this issue."
}
]
}

201
2020/1xxx/CVE-2020-1650.json Normal file
View File

@ -0,0 +1,201 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-07-08T07:00:00.000Z",
"ID": "CVE-2020-1650",
"STATE": "PUBLIC",
"TITLE": "Junos OS: MX Series: Denial of Service vulnerability in MS-PIC component on MS-MIC or MS-MPC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "MX Series",
"version_affected": "=",
"version_name": "17.2",
"version_value": "17.2R2-S7"
},
{
"platform": "MX Series",
"version_affected": "=",
"version_name": "17.3",
"version_value": "17.3R3-S4, 17.3R3-S5"
},
{
"platform": "MX Series",
"version_affected": ">=",
"version_name": "17.4",
"version_value": "17.4R2-S4"
},
{
"platform": "MX Series",
"version_affected": "=",
"version_name": "17.4",
"version_value": "17.4R3"
},
{
"platform": "MX Series",
"version_affected": "=",
"version_name": "18.1",
"version_value": "18.1R3-S3, 18.1R3-S4, 18.1R3-S5, 18.1R3-S6, 18.1R3-S7, 18.1R3-S8"
},
{
"platform": "MX Series",
"version_affected": "=",
"version_name": "18.2",
"version_value": "18.2R3, 18.2R3-S1, 18.2R3-S2"
},
{
"platform": "MX Series",
"version_affected": ">=",
"version_name": "18.3",
"version_value": "18.3R2"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R3"
},
{
"platform": "MX Series",
"version_affected": ">=",
"version_name": "18.4",
"version_value": "18.4R2"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R3"
},
{
"platform": "MX Series",
"version_affected": ">=",
"version_name": "19.1",
"version_value": "19.1R1"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R3"
},
{
"platform": "MX Series",
"version_affected": ">=",
"version_name": "19.2",
"version_value": "19.2R1"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R2"
},
{
"platform": "MX Series",
"version_affected": ">=",
"version_name": "19.3",
"version_value": "19.3R1"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos MX Series with service card configured, receipt of a stream of specific packets may crash the MS-PIC component on MS-MIC or MS-MPC.\n\nBy continuously sending these specific packets, an attacker can repeatedly bring down MS-PIC on MS-MIC/MS-MPC causing a prolonged Denial of Service.\n\nThis issue affects MX Series devices using MS-PIC, MS-MIC or MS-MPC service cards with any service configured.\nThis issue affects Juniper Networks Junos OS on MX Series:\n17.2R2-S7;\n17.3R3-S4, 17.3R3-S5;\n17.4R2-S4 and the subsequent SRs (17.4R2-S5, 17.4R2-S6, etc.);\n17.4R3;\n18.1R3-S3, 18.1R3-S4, 18.1R3-S5, 18.1R3-S6, 18.1R3-S7, 18.1R3-S8;\n18.2R3, 18.2R3-S1, 18.2R3-S2;\n18.3R2 and the SRs based on 18.3R2;\n18.4R2 and the SRs based on 18.4R2;\n19.1R1 and the SRs based on 19.1R1;\n19.2R1 and the SRs based on 19.2R1;\n19.3R1 and the SRs based on 19.3R1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "TBD"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11037",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11037"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 17.2R2-S8, 17.3R3-S6, 17.4R3-S1, 18.1R3-S9, 18.2R3-S3, 18.3R3, 18.4R3, 19.1R2, 19.2R2, 19.3R2, 19.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11037",
"defect": [
"1453811"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue."
}
]
}

146
2020/1xxx/CVE-2020-1651.json Normal file
View File

@ -0,0 +1,146 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-07-08T04:00:00.000Z",
"ID": "CVE-2020-1651",
"STATE": "PUBLIC",
"TITLE": "Junos OS: MX Series: PFE on the line card may crash due to memory leak."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "MX Series",
"version_affected": "!<",
"version_value": "17.2R1"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R3-S4"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "17.2X75",
"version_value": "17.2X75-D105.19"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S7"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S3, 17.4R2"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "This issue is not specific to any configuration."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks MX series, receipt of a stream of specific Layer 2 frames may cause a memory leak resulting in the packet forwarding engine (PFE) on the line card to crash and restart, causing traffic interruption.\n\nBy continuously sending this stream of specific layer 2 frame, an attacker connected to the same broadcast domain can repeatedly crash the PFE, causing a prolonged Denial of Service (DoS).\nThis issue affects Juniper Networks Junos OS on MX Series:\n17.2 versions prior to 17.2R3-S4;\n17.2X75 versions prior to 17.2X75-D105.19;\n17.3 versions prior to 17.3R3-S7;\n17.4 versions prior to 17.4R1-S3, 17.4R2;\n18.1 versions prior to 18.1R2.\n\nThis issue does not affect Juniper Networks Junos OS releases prior to 17.2R1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-19 Data Processing Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11038",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11038"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 17.2R3-S4, 17.2X75-D105.19, 17.3R3-S7, 17.4R1-S3, 17.4R2, 18.1R2, 18.2R1, 18.2X75-D10, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11038",
"defect": [
"1347250"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no available workarounds for this issue."
}
]
}

109
2020/1xxx/CVE-2020-1652.json Normal file
View File

@ -0,0 +1,109 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-07-08T16:00:00.000Z",
"ID": "CVE-2020-1652",
"STATE": "PUBLIC",
"TITLE": "Junos Space: OpenNMS is accessible via port 9443"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos Space",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenNMS is accessible via port 9443"
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-213 Intentional Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 20.1R1 and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11023",
"defect": [
"1233680"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}

159
2020/1xxx/CVE-2020-1653.json Normal file
View File

@ -0,0 +1,159 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-07-08T07:00:00.000Z",
"ID": "CVE-2020-1653",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Kernel crash (vmcore) or FPC crash due to mbuf leak"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "!<",
"version_value": "17.4R1"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S11, 17.4R3-S2"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S10"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2-S7, 18.2R3-S5"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D41, 18.2X75-D420.12, 18.2X75-D51, 18.2X75-D60, 18.2X75-D34"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R2-S4, 18.3R3-S2"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R1-S7, 18.4R2-S4, 18.4R3-S1"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R1-S5, 19.1R2-S1, 19.1R3"
},
{
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R2"
},
{
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2-S3, 19.3R3"
},
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R1-S2, 19.4R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos OS devices, a stream of TCP packets sent to the Routing Engine (RE) may cause mbuf leak which can lead to Flexible PIC Concentrator (FPC) crash or the system to crash and restart (vmcore).\n\nThis issue can be trigged by IPv4 or IPv6 and it is caused only by TCP packets.\n\nThis issue is not related to any specific configuration and it affects Junos OS releases starting from 17.4R1.\nHowever, this issue does not affect Junos OS releases prior to 18.2R1 when Nonstop active routing (NSR) is configured [edit routing-options nonstop-routing].\n\nThe number of mbufs is platform dependent.\nThe following command provides the number of mbufs counter that are currently in use and maximum number of mbufs that can be allocated on a platform:\n user@host> show system buffers \n 2437/3143/5580 mbufs in use (current/cache/total)\n\nOnce the device runs out of mbufs, the FPC crashes or the vmcore occurs and the device might become inaccessible requiring a manual restart.\n\nThis issue affects Juniper Networks Junos OS\n17.4 versions prior to 17.4R2-S11, 17.4R3-S2;\n18.1 versions prior to 18.1R3-S10;\n18.2 versions prior to 18.2R2-S7, 18.2R3-S5;\n18.2X75 versions prior to 18.2X75-D41, 18.2X75-D420.12, 18.2X75-D51, 18.2X75-D60, 18.2X75-D34;\n18.3 versions prior to 18.3R2-S4, 18.3R3-S2;\n18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S1;\n19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3;\n19.2 versions prior to 19.2R1-S5, 19.2R2;\n19.3 versions prior to 19.3R2-S3, 19.3R3;\n19.4 versions prior to 19.4R1-S2, 19.4R2.\n\nVersions of Junos OS prior to 17.4R1 are unaffected by this vulnerability."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-159 Failure to Sanitize Special Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11040",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11040"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 17.4R2-S11, 17.4R3-S2, 18.1R3-S10, 18.2R2-S7, 18.2R3-S5, 18.2X75-D41, 18.2X75-D420.12, 18.2X75-D51, 18.2X75-D60, 18.2X75-D34, 18.3R2-S4, 18.3R3-S2, 18.4R1-S7, 18.4R2-S4, 18.4R3-S1, 19.1R1-S5, 19.1R2-S1, 19.1R3, 19.2R1-S5, 19.2R2, 19.3R2-S3, 19.3R3, 19.4R1-S2, 19.4R2, 20.1R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11040",
"defect": [
"1468183"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue, however having the DDoS feature enabled and using the firewall filter to limit incoming packet towards the RE only from trusted networks and host help to mitigate this issue.\n\nThe following command can be used to check if DDoS feature is enabled:\n user@host> show ddos-protection statistics\n DDOS protection global statistics:\n Policing on routing engine: Yes <--- must be \"Yes\"\n Policing on FPC: Yes\n Flow detection: Yes <-- must be Yes\n <snip>\n"
}
]
}

159
2020/1xxx/CVE-2020-1654.json Normal file
View File

@ -0,0 +1,159 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-07-08T07:00:00.000Z",
"ID": "CVE-2020-1654",
"STATE": "PUBLIC",
"TITLE": "Junos OS: SRX Series: processing a malformed HTTP message when ICAP redirect service is enabled may can lead to flowd process crash or remote code execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX Series",
"version_affected": "!<",
"version_name": "18.1",
"version_value": "18.1R1"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S9"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2-S7, 18.2R3-S3"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S7, 18.3R2-S4, 18.3R3-S1"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R1-S7, 18.4R2-S4, 18.4R3"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R1-S5, 19.1R2"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S2, 19.2R2"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "This issue may occur only when ICAP Redirect Service is enabled.\n\nThe examples of minimum config stanza affected by this issue:\n [services icap-redirect profile <ICAP_PROFILE_NAME>]\nin combination with: \n [security policies from-zone <ZONE_NAME> to-zone <ZONE_NAME> policy <POLICY_NAME> then permit application-services <ICAP_PROFILE_NAME>]\n\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, processing a malformed HTTP message can lead to a Denial of Service (DoS) or Remote Code Execution (RCE)\n\nContinued processing of this malformed HTTP message may result in an extended Denial of Service (DoS) condition.\n\nThe offending HTTP message that causes this issue may originate both from the HTTP server or the HTTP client.\n\n\n\n\n\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\n18.1 versions prior to 18.1R3-S9 ;\n18.2 versions prior to 18.2R2-S7, 18.2R3-S3;\n18.3 versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S1;\n18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3;\n19.1 versions prior to 19.1R1-S5, 19.1R2;\n19.2 versions prior to 19.2R1-S2, 19.2R2;\n19.3 versions prior to 19.3R2.\n\nThis issue does not affect Juniper Networks Junos OS prior to 18.1R1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11031",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11031"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 18.1R3-S9, 18.2R2-S7, 18.2R3-S3, 18.3R1-S7, 18.3R2-S4, 18.3R3-S1, 18.4R1-S7, 18.4R2-S4, 18.4R3, 19.1R1-S5, 19.1R2, 19.2R1-S2, 19.2R2, 19.3R2, 19.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11031",
"defect": [
"1460035"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "Disable ICAP redirect service otherwise there are no viable workarounds for this issue.\n"
}
]
}

187
2020/1xxx/CVE-2020-1655.json Normal file
View File

@ -0,0 +1,187 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-07-08T16:00:00.000Z",
"ID": "CVE-2020-1655",
"STATE": "PUBLIC",
"TITLE": "Junos OS: MX Series: PFE crash on MPC7/8/9 upon receipt of large packets requiring fragmentation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "MX Series",
"version_affected": "!<",
"version_value": "17.2"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R3-S4"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S8"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S10, 17.4R3-S2"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S10"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R3-S3"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D41, 18.2X75-D430, 18.2X75-D65"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S7, 18.3R2-S4, 18.3R3-S1"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R1-S7, 18.4R2-S4, 18.4R3"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R1-S5, 19.1R2-S1, 19.1R3"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S4, 19.2R2"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2-S2, 19.3R3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "A sample configuration for enabling inline IP reassembly is shown below:\n\n set chassis fpc 8 pic 0 inline-services bandwidth 100g\n\nNote: Explicitly specifying a bandwidth for L2TP LNS tunnel traffic using inline services is not required. When a bandwidth is not specified, the maximum bandwidth supported on the PIC is automatically available for the inline services.\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of large packets requiring fragmentation, generating the following error messages:\n\n [LOG: Err] MQSS(0): WO: Packet Error - Error Packets 1, Connection 29\n [LOG: Err] eachip_hmcif_rx_intr_handler(7259): EA[0:0]: HMCIF Rx: Injected checksum error detected on WO response - Chunk Address 0x0\n [LOG: Err] MQSS(0): DRD: RORD1: CMD reorder ID error - Command 11, Reorder ID 1838, QID 0\n [LOG: Err] MQSS(0): DRD: UNROLL0: HMC chunk length error in stage 5 - Chunk Address: 0x4321f3\n [LOG: Err] MQSS(0): DRD: UNROLL0: HMC chunk address error in stage 5 - Chunk Address: 0x0\n [LOG: Notice] Error: /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc), scope: pfe, category: functional, severity: major, module: MQSS(0), type: DRD_RORD_ENG_INT: CMD FSM State Error\n [LOG: Notice] Performing action cmalarm for error /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(0) with scope: pfe category: functional level: major\n [LOG: Notice] Performing action get-state for error /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(0) with scope: pfe category: functional level: major\n [LOG: Notice] Performing action disable-pfe for error /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(0) with scope: pfe category: functional level: major\n\nBy continuously sending fragmented packets that cannot be reassembled, an attacker can repeatedly disable the PFE causing a sustained Denial of Service (DoS).\n\nThis issue affects Juniper Networks Junos OS:\n17.2 versions prior to 17.2R3-S4 on MX Series;\n17.3 versions prior to 17.3R3-S8 on MX Series;\n17.4 versions prior to 17.4R2-S10, 17.4R3-S2 on MX Series;\n18.1 versions prior to 18.1R3-S10 on MX Series;\n18.2 versions prior to 18.2R3-S3 on MX Series;\n18.2X75 versions prior to 18.2X75-D41, 18.2X75-D430, 18.2X75-D65 on MX Series;\n18.3 versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S1 on MX Series;\n18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3 on MX Series;\n19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3 on MX Series;\n19.2 versions prior to 19.2R1-S4, 19.2R2 on MX Series;\n19.3 versions prior to 19.3R2-S2, 19.3R3 on MX Series.\n\nThis issue is specific to inline IP reassembly, introduced in Junos OS 17.2. Versions of Junos OS prior to 17.2 are unaffected by this vulnerability.\n"
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11041",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11041"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/topic-map/l2tp-lns-inline-service-interfaces.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/topic-map/l2tp-lns-inline-service-interfaces.html"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 17.2R3-S4, 17.3R3-S8, 17.4R2-S10, 17.4R3-S2, 18.1R3-S10, 18.2R3-S3, 18.2X75-D41, 18.2X75-D430, 18.2X75-D65, 18.3R1-S7, 18.3R2-S4, 18.3R3-S1, 18.4R1-S7, 18.4R2-S4, 18.4R3, 19.1R1-S5, 19.1R2-S1, 19.1R3, 19.2R1-S4, 19.2R2, 19.3R2-S2, 19.3R3, 19.4R1, 19.4R2, 20.1R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11041",
"defect": [
"1474154"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no available workarounds for this issue."
}
]
}