admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Juniper JSA publication 2020-10. See https://advisory.juniper.net for more information.

Browse Source
This commit is contained in:
0marg 2020-10-16 22:15:32 +02:00
parent d0d058d517
commit 6463100d03
No known key found for this signature in database
GPG Key ID: ABCD916B751254A7
31 changed files with 5105 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

255
2020/1xxx/CVE-2020-1656.json Normal file
View File

@ -0,0 +1,255 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T15:00:00.000Z",
"ID": "CVE-2020-1656",
"STATE": "PUBLIC",
"TITLE": "Junos OS: When a DHCPv6 Relay-Agent is configured upon receipt of a specific DHCPv6 client message, Remote Code Execution may occur."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "12.3",
"version_value": "12.3R12-S15"
},
{
"version_affected": "<",
"version_name": "12.3X48",
"version_value": "12.3X48-D95"
},
{
"version_affected": "<",
"version_name": "14.1X53",
"version_value": "14.1X53-D53"
},
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1R7-S6"
},
{
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D200"
},
{
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D593"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R7-S7"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S11"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S11, 17.1R3-S2"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R3-S3"
},
{
"version_affected": "<",
"version_name": "17.2X75",
"version_value": "17.2X75-D44"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S7"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S9, 17.4R3"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S9"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2-S6, 18.2R3-S2"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D12, 18.2X75-D33, 18.2X75-D435, 18.2X75-D60"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S7, 18.3R2-S3, 18.3R3-S1"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R1-S5, 18.4R2-S3, 18.4R3"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R1-S4, 19.1R2"
},
{
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S3, 19.2R2"
},
{
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The following minimal configuration is required: \n [forwarding-options dhcp-relay dhcpv6]\n\nMore details on DHCPV6 Relay-Agent configuration and use are located in the reference URLs.\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DHCPv6 Relay-Agent service, part of the Juniper Enhanced jdhcpd daemon shipped with Juniper Networks Junos OS has an Improper Input Validation vulnerability which will result in a Denial of Service (DoS) condition when a DHCPv6 client sends a specific DHPCv6 message allowing an attacker to potentially perform a Remote Code Execution (RCE) attack on the target device.\n\nContinuous receipt of the specific DHCPv6 client message will result in an extended Denial of Service (DoS) condition.\n\nIf adjacent devices are also configured to relay DHCP packets, and are not affected by this issue and simply transparently forward unprocessed client DHCPv6 messages, then the attack vector can be a Network-based attack, instead of an Adjacent-device attack. No other DHCP services are affected. Receipt of the packet without configuration of the DHCPv6 Relay-Agent service, will not result in exploitability of this issue.\n\nThis issue affects Juniper Networks Junos OS:\n12.3 versions prior to 12.3R12-S15;\n12.3X48 versions prior to 12.3X48-D95;\n14.1X53 versions prior to 14.1X53-D53;\n15.1 versions prior to 15.1R7-S6;\n15.1X49 versions prior to 15.1X49-D200;\n15.1X53 versions prior to 15.1X53-D593;\n16.1 versions prior to 16.1R7-S7;\n16.2 versions prior to 16.2R2-S11;\n17.1 versions prior to 17.1R2-S11, 17.1R3-S2;\n17.2 versions prior to 17.2R3-S3;\n17.2X75 versions prior to 17.2X75-D44;\n17.3 versions prior to 17.3R3-S7;\n17.4 versions prior to 17.4R2-S9, 17.4R3;\n18.1 versions prior to 18.1R3-S9;\n18.2 versions prior to 18.2R2-S6, 18.2R3-S2;\n18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D435, 18.2X75-D60;\n18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1;\n18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3;\n19.1 versions prior to 19.1R1-S4, 19.1R2;\n19.2 versions prior to 19.2R1-S3, 19.2R2;\n19.3 versions prior to 19.3R2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11049",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11049"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/topic-map/dhcpv6-relay-agent-overview.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/topic-map/dhcpv6-relay-agent-overview.html"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/topic-map/dhcp-relay-agent-security-devices.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/topic-map/dhcp-relay-agent-security-devices.html"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-dhcpv6-relay-statistics.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-dhcpv6-relay-statistics.html"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 12.3R12-S15, 12.3X48-D100, 12.3X48-D95, 14.1X53-D53, 15.1R7-S6, 15.1X49-D200, 15.1X53-D593, 16.1R7-S7, 16.2R2-S11, 17.1R2-S11, 17.1R3-S2, 17.2R3-S3, 17.2X75-D44, 17.3R3-S7, 17.4R2-S9, 17.4R3, 18.1R3-S9, 18.2R2-S6, 18.2R3-S2, 18.2X75-D12, 18.2X75-D33, 18.2X75-D435, 18.2X75-D60, 18.3R1-S7, 18.3R2-S3, 18.3R3-S1, 18.4R1-S5, 18.4R2-S3, 18.4R3, 19.1R1-S4, 19.1R2, 19.1R3, 19.2R1-S3, 19.2R2, 19.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11049",
"defect": [
"1461448"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no available workarounds for this issue."
}
]
}

167
2020/1xxx/CVE-2020-1657.json Normal file
View File

@ -0,0 +1,167 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T15:00:00.000Z",
"ID": "CVE-2020-1657",
"STATE": "PUBLIC",
"TITLE": "Junos OS: SRX Series: An attacker sending spoofed packets to IPSec peers may cause a Denial of Service."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "12.3X48",
"version_value": "12.3X48-D90"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D190"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S9, 17.4R3"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S9"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R3"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S7, 18.3R2-S3, 18.3R3"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R1-S6, 18.4R2-S3, 18.4R3"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R1-S4, 19.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The example of minimum config stanza affected by this issue:\n [security ipsec]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On SRX Series devices, a vulnerability in the key-management-daemon (kmd) daemon of Juniper Networks Junos OS allows an attacker to spoof packets targeted to IPSec peers before a security association (SA) is established thereby causing a failure to set up the IPSec channel.\n\nSustained receipt of these spoofed packets can cause a sustained Denial of Service (DoS) condition. \n\nThis issue affects IPv4 and IPv6 implementations.\n \nThis issue affects Juniper Networks Junos OS on SRX Series:\n12.3X48 versions prior to 12.3X48-D90;\n15.1X49 versions prior to 15.1X49-D190;\n17.4 versions prior to 17.4R2-S9, 17.4R3;\n18.1 versions prior to 18.1R3-S9;\n18.2 versions prior to 18.2R3;\n18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3;\n18.4 versions prior to 18.4R1-S6, 18.4R2-S3, 18.4R3;\n19.1 versions prior to 19.1R1-S4, 19.1R2.\n\nThis issue does not affect 12.3 or 15.1 releases which are non-SRX Series releases."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-408 Incorrect Behavior Order: Early Amplification"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11050",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11050"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 12.3X48-D90, 15.1X49-D190, 17.4R2-S9, 17.4R3, 18.1R3-S9, 18.2R3, 18.3R1-S7, 18.3R2-S3, 18.3R3, 18.4R1-S6, 18.4R2-S3, 18.4R3, 19.1R1-S4, 19.1R2, 19.2R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11050",
"defect": [
"977435"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue.\n"
}
]
}

170
2020/1xxx/CVE-2020-1660.json Normal file
View File

@ -0,0 +1,170 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
"ID": "CVE-2020-1660",
"STATE": "PUBLIC",
"TITLE": "Junos OS: MX Series: Receipt of specific packets can cause services card to restart when DNS filtering is configured."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S8"
},
{
"version_affected": "!",
"version_name": "17.4",
"version_value": "17.4"
},
{
"version_affected": "!",
"version_name": "18.1",
"version_value": "18.1"
},
{
"version_affected": "!",
"version_name": "18.2",
"version_value": "18.2"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R3-S1"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R3"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R3"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R2"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The following minimal configuration is required:\n [services web-filter profile profile-name dns-filter-template <template-name> dns-filter]\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing \"URL Filtering service\", may crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. This vulnerability might allow an attacker to cause an extended Denial of Service (DoS) attack against the device and to cause clients to be vulnerable to DNS based attacks by malicious DNS servers when they send DNS requests through the device. As a result, devices which were once protected by the DNS Filtering service are no longer protected and at risk of exploitation. \n\n\n\n\nThis issue affects Juniper Networks Junos OS:\n17.3 versions prior to 17.3R3-S8;\n18.3 versions prior to 18.3R3-S1;\n18.4 versions prior to 18.4R3;\n19.1 versions prior to 19.1R3;\n19.2 versions prior to 19.2R2;\n19.3 versions prior to 19.3R3.\n\nThis issue does not affect Juniper Networks Junos OS 17.4, 18.1, and 18.2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11054",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11054"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 17.3R3-S8, 18.3R3-S1, 18.4R3, 19.1R3, 19.2R2, 19.3R3, 19.4R1 and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11054",
"defect": [
"1469188"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}

150
2020/1xxx/CVE-2020-1661.json Normal file
View File

@ -0,0 +1,150 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
"ID": "CVE-2020-1661",
"STATE": "PUBLIC",
"TITLE": "Junos OS: jdhcpd process crash when forwarding a malformed DHCP packet."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "12.3",
"version_value": "12.3R12-S16"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "12.3X48",
"version_value": "12.3X48-D105"
},
{
"platform": "EX and QFX Series",
"version_affected": "<",
"version_name": "14.1X53",
"version_value": "14.1X53-D60"
},
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1R7-S7"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D221, 15.1X49-D230"
},
{
"platform": "EX2300/EX3400",
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D593"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R7-S5"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The examples of the config stanza affected by this issue:\n [forwarding-options dhcp-relay forward-only]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos OS devices configured as a DHCP forwarder, the Juniper Networks Dynamic Host Configuration Protocol Daemon (jdhcp) process might crash when receiving a malformed DHCP packet.\n\nThis issue only affects devices configured as DHCP forwarder with forward-only option, that forward specified DHCP client packets, without creating a new subscriber session.\n\nThe jdhcpd daemon automatically restarts without intervention, but continuous receipt of the malformed DHCP packet will repeatedly crash jdhcpd, leading to an extended Denial of Service (DoS) condition.\n\nThis issue can be triggered only by DHCPv4, it cannot be triggered by DHCPv6.\nThis issue affects Juniper Networks Junos OS:\n12.3 versions prior to 12.3R12-S16;\n12.3X48 versions prior to 12.3X48-D105 on SRX Series;\n14.1X53 versions prior to 14.1X53-D60 on EX and QFX Series;\n15.1 versions prior to 15.1R7-S7;\n15.1X49 versions prior to 15.1X49-D221, 15.1X49-D230 on SRX Series;\n15.1X53 versions prior to 15.1X53-D593 on EX2300/EX3400;\n16.1 versions prior to 16.1R7-S5."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "TBD"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11056",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11056"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 12.3R12-S16, 12.3X48-D105, 15.1R7-S7, 15.1X49-D221, 15.1X49-D230, 15.1X53-D593, 16.1R7-S5, 16.2R1 and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11056",
"defect": [
"1430874"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}

242
2020/1xxx/CVE-2020-1662.json Normal file
View File

@ -0,0 +1,242 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
"ID": "CVE-2020-1662",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: RPD crash due to BGP session flapping."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "17.2",
"version_value": "17.2R3-S3"
},
{
"version_affected": ">=",
"version_name": "17.3",
"version_value": "17.3R3-S3"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S8"
},
{
"version_affected": ">=",
"version_name": "17.4",
"version_value": "17.4R2-S4, 17.4R3"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S10, 17.4R3-S2"
},
{
"version_affected": ">=",
"version_name": "18.1",
"version_value": "18.1R3-S6"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S10"
},
{
"version_affected": ">=",
"version_name": "18.2",
"version_value": "18.2R3"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R3-S4"
},
{
"version_affected": ">=",
"version_name": "18.2X75",
"version_value": "18.2X75-D50, 18.2X75-D60"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D53, 18.2X75-D65"
},
{
"version_affected": ">=",
"version_name": "18.3",
"version_value": "18.3R2"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R2-S4, 18.3R3-S2"
},
{
"version_affected": ">=",
"version_name": "18.4",
"version_value": "18.4R2"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2-S5, 18.4R3-S2"
},
{
"version_affected": ">=",
"version_name": "19.1",
"version_value": "19.1R1"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R2-S2, 19.1R3-S1"
},
{
"version_affected": ">=",
"version_name": "19.2",
"version_value": "19.2R1"
},
{
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R2"
},
{
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2-S3, 19.3R3"
},
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R1-S3, 19.4R2"
},
{
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R1-S2, 20.1R2"
},
{
"version_affected": "!<",
"version_value": "17.2R3-S3"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "19.4-EVO",
"version_value": "19.4-EVO"
},
{
"version_affected": "<",
"version_name": "20.1-EVO",
"version_value": "20.1R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The example of the configuration stanza affected by this issue is as follows:\n [protocols bgp damping]\n\nused in combination with accepted-prefix-limit configuration:\n [protocols bgp ... accepted-prefix-limit]\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session flapping can lead to a routing process daemon (RPD) crash and restart, limiting the attack surface to configured BGP peers.\n\nThis issue only affects devices with BGP damping in combination with accepted-prefix-limit configuration.\n\nWhen the issue occurs the following messages will appear in the /var/log/messages:\n rpd[6046]: %DAEMON-4-BGP_PREFIX_THRESH_EXCEEDED: XXXX (External AS x): Configured maximum accepted prefix-limit threshold(1800) exceeded for inet6-unicast nlri: 1984 (instance master)\n rpd[6046]: %DAEMON-3-BGP_CEASE_PREFIX_LIMIT_EXCEEDED: 2001:x:x:x::2 (External AS x): Shutting down peer due to exceeding configured maximum accepted prefix-limit(2000) for inet6-unicast nlri: 2001 (instance master)\n rpd[6046]: %DAEMON-4: bgp_rt_maxprefixes_check_common:9284: NOTIFICATION sent to 2001:x:x:x::2 (External AS x): code 6 (Cease) subcode 1 (Maximum Number of Prefixes Reached) AFI: 2 SAFI: 1 prefix limit 2000\n kernel: %KERN-5: mastership_relinquish_on_process_exit: RPD crashed on master RE. Sending SIGUSR2 to chassisd (5612:chassisd) to trigger RE switchover\n\n\n\nThis issue affects:\n\nJuniper Networks Junos OS:\n17.2R3-S3;\n17.3 version 17.3R3-S3 and later versions, prior to 17.3R3-S8;\n17.4 version 17.4R2-S4, 17.4R3 and later versions, prior to 17.4R2-S10, 17.4R3-S2;\n18.1 version 18.1R3-S6 and later versions, prior to 18.1R3-S10;\n18.2 version 18.2R3 and later versions, prior to 18.2R3-S4;\n18.2X75 version 18.2X75-D50, 18.2X75-D60 and later versions, prior to 18.2X75-D53, 18.2X75-D65;\n18.3 version 18.3R2 and later versions, prior to 18.3R2-S4, 18.3R3-S2;\n18.4 version 18.4R2 and later versions, prior to 18.4R2-S5, 18.4R3-S2;\n19.1 version 19.1R1 and later versions, prior to 19.1R2-S2, 19.1R3-S1;\n19.2 version 19.2R1 and later versions, prior to 19.2R1-S5, 19.2R2;\n19.3 versions prior to 19.3R2-S3, 19.3R3;\n19.4 versions prior to 19.4R1-S3, 19.4R2;\n20.1 versions prior to 20.1R1-S2, 20.1R2.\n\nJuniper Networks Junos OS Evolved prior to 20.1R2-EVO.\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 17.2R3-S3."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11059",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11059"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 17.2R3-S4, 17.3R3-S8, 17.3R3-S9, 17.4R2-S10, 17.4R3-S2, 18.1R3-S10, 18.2R3-S4, 18.2X75-D53, 18.2X75-D65, 18.3R2-S4, 18.3R3-S2, 18.4R2-S5, 18.4R3-S2, 19.1R2-S2, 19.1R3-S1, 19.2R1-S5, 19.2R2, 19.3R2-S3, 19.3R3, 19.4R1-S3, 19.4R2, 20.1R1-S2, 20.1R2, 20.2R1, and all subsequent releases.\n\n\nJunos OS Evolved: 20.1R2-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11059",
"defect": [
"1490079"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are multiple workarounds that can be applied to prevent this issue:\n\n1. Disable BGP router flap damping.\n\n2. Replace \"accepted-prefix-limit\" with \"prefix-limit\" in the BGP configuration, for example: \n [edit protocols bgp group ${GRP} neighbor ${NEI} family ${AFI} unicast] \n + prefix-limit {\n - accepted-prefix-limit {\n\n 3. Make sure that the BGP session idle-timeout is longer than damping max-suppress time. \nIn other words, by the time a peer is eligible to establish BGP session again, no previously advertised prefixes remain suppressed.\nThe BGP session idle time out is configured under:\n [protocols bgp damping ... teardown <TEARDOWN_VALUE> idle-timeout <IDLE_TIMEOUT_VALUE>]\nThe BGP damping max-suppress time configured under:\n [protocol bgp damping... max-suppress <MAX_SUPPRES_VALUE>]\nThe <IDLE_TIMEOUT_VALUE> needs to be higher than <MAX_SUPPRES_VALUE>\n"
}
]
}

180
2020/1xxx/CVE-2020-1664.json Normal file
View File

@ -0,0 +1,180 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
"ID": "CVE-2020-1664",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Buffer overflow vulnerability in device control daemon"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S9"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S12, 17.4R3-S3"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S11"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R3-S6"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D53, 18.2X75-D65"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R2-S4, 18.3R3-S4"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2-S5, 18.4R3-S5"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R3-S3"
},
{
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R3"
},
{
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2-S4, 19.3R3"
},
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R1-S3, 19.4R2-S2, 19.4R3"
},
{
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R1-S4, 20.1R2"
},
{
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R1-S1, 20.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Juniper SIRT would like to acknowledge and thank Hoàng Thạch Nguyễn (d4rkn3ss) of STAR Labs for responsibly reporting this vulnerability. "
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack buffer overflow vulnerability in the device control daemon (DCD) on Juniper Networks Junos OS allows a low privilege local user to create a Denial of Service (DoS) against the daemon or execute arbitrary code in the system with root privilege.\nThis issue affects Juniper Networks Junos OS:\n17.3 versions prior to 17.3R3-S9;\n17.4 versions prior to 17.4R2-S12, 17.4R3-S3;\n18.1 versions prior to 18.1R3-S11;\n18.2 versions prior to 18.2R3-S6;\n18.2X75 versions prior to 18.2X75-D53, 18.2X75-D65;\n18.3 versions prior to 18.3R2-S4, 18.3R3-S4;\n18.4 versions prior to 18.4R2-S5, 18.4R3-S5;\n19.1 versions prior to 19.1R3-S3;\n19.2 versions prior to 19.2R1-S5, 19.2R3;\n19.3 versions prior to 19.3R2-S4, 19.3R3;\n19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3;\n20.1 versions prior to 20.1R1-S4, 20.1R2;\n20.2 versions prior to 20.2R1-S1, 20.2R2.\nVersions of Junos OS prior to 17.3 are unaffected by this vulnerability."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11061",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11061"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 17.3R3-S9, 17.4R2-S12, 17.4R3-S3, 18.1R3-S11, 18.2R3-S6, 18.2X75-D53, 18.2X75-D65, 18.3R2-S4, 18.3R3-S4, 18.4R2-S5, 18.4R3-S5, 19.1R3-S3, 19.2R1-S5, 19.2R3, 19.3R2-S4, 19.3R3, 19.4R1-S3, 19.4R2-S2, 19.4R3, 20.1R1-S4, 20.1R2, 20.2R1-S1, 20.2R2, 20.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11061",
"defect": [
"1519334"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Use access lists or firewall filters to limit CLI access to the device only from trusted, administrative networks or hosts.\n"
},
{
"lang": "eng",
"value": "Limit access to the Junos OS CLI to only trusted system administrators."
}
]
}

158
2020/1xxx/CVE-2020-1665.json Normal file
View File

@ -0,0 +1,158 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
"ID": "CVE-2020-1665",
"STATE": "PUBLIC",
"TITLE": "Junos OS: MX series/EX9200 Series: IPv6 DDoS protection does not work as expected. "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "MX series/EX9200 Series",
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R3-S4"
},
{
"platform": "MX series/EX9200 Series",
"version_affected": "<",
"version_name": "17.2X75",
"version_value": "17.2X75-D102, 17.2X75-D110"
},
{
"platform": "MX series/EX9200 Series",
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S8"
},
{
"platform": "MX series/EX9200 Series",
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S11, 17.4R3-S2"
},
{
"platform": "MX series/EX9200 Series",
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2-S7, 18.2R3, 18.2R3-S3"
},
{
"platform": "MX series/EX9200 Series",
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D30"
},
{
"platform": "MX series/EX9200 Series",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R2-S4, 18.3R3-S2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The DDoS feature is enabled by default, there is no specific config stanza required to enable DDoS protection, however it can be manually disabled.\n\nTo check if DDOS protection is enabled, the administrator can issue the following command: \n user@host> show ddos-protection statistics\n DDOS protection global statistics:\n Policing on routing engine: Yes\n Policing on FPC: Yes"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks MX Series and EX9200 Series, in a certain condition the IPv6 Distributed Denial of Service (DDoS) protection might not take affect when it reaches the threshold condition.\n\nThe DDoS protection allows the device to continue to function while it is under DDoS attack, protecting both the Routing Engine (RE) and the Flexible PIC Concentrator (FPC) during the DDoS attack.\nWhen this issue occurs, the RE and/or the FPC can become overwhelmed, which could disrupt network protocol operations and/or interrupt traffic.\n\nThis issue does not affect IPv4 DDoS protection.\n\nThis issue affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines).\nPlease refer to https://kb.juniper.net/KB25385 for the list of Trio-based PFEs.\nThis issue affects Juniper Networks Junos OS on MX series and EX9200 Series:\n17.2 versions prior to 17.2R3-S4;\n17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110;\n17.3 versions prior to 17.3R3-S8;\n17.4 versions prior to 17.4R2-S11, 17.4R3-S2;\n18.2 versions prior to 18.2R2-S7, 18.2R3, 18.2R3-S3;\n18.2X75 versions prior to 18.2X75-D30;\n18.3 versions prior to 18.3R2-S4, 18.3R3-S2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-794: Incomplete Filtering of Multiple Instances of Special Elements"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11062",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11062"
},
{
"name": "https://kb.juniper.net/KB25385",
"refsource": "MISC",
"url": "https://kb.juniper.net/KB25385"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 17.2R3-S4, 17.2X75-D102, 17.2X75-D110, 17.3R3-S8, 17.4R2-S11, 17.4R3-S2, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2X75-D30, 18.3R2-S4, 18.3R3-S2, 18.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11062",
"defect": [
"1377899"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}

119
2020/1xxx/CVE-2020-1666.json Normal file
View File

@ -0,0 +1,119 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
"ID": "CVE-2020-1666",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: 'console log-out-on-disconnect' fails to terminate session on console cable disconnection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "20.2R1-EVO"
},
{
"version_affected": "!<",
"version_value": "18.4R1-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "Console log out on disconnect is enabled via the following configuration stanza:\n [system ports console log-out-on-disconnect]\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The system console configuration option 'log-out-on-disconnect' In Juniper Networks Junos OS Evolved fails to log out an active CLI session when the console cable is disconnected. This could allow a malicious attacker with physical access to the console the ability to resume a previous interactive session and possibly gain administrative privileges.\n\nThis issue affects all Juniper Networks Junos OS Evolved versions after 18.4R1-EVO, prior to 20.2R1-EVO.\n"
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11063",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11063"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.2R1-EVO and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11063",
"defect": [
"1406238"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Limit access to the physical console to only trusted system administrators."
}
]
}

161
2020/1xxx/CVE-2020-1667.json Normal file
View File

@ -0,0 +1,161 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T07:00:00.000Z",
"ID": "CVE-2020-1667",
"STATE": "PUBLIC",
"TITLE": "Junos OS: MX Series: Services card might restart due to a race condition when DNS filtering is enabled."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S8"
},
{
"version_affected": "!",
"version_name": "17.4",
"version_value": "17.4"
},
{
"version_affected": "!",
"version_name": "18.1",
"version_value": "18.1"
},
{
"version_affected": "!",
"version_name": "18.2",
"version_value": "18.2"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R3-S1"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R3"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R3"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R2"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The example of the configuration stanza affected by this issue is as follows:\n [services service-set <SERVICE-SET-NAME>]\n user@host# set web-filter-profile <PROFILE_NAME>\n\nused in combination with:\n [services web-filter profile <PROFILE_NAME>]\n user@host# set dns-filter-template <TEMPLATE_NAME>"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process might be bypassed due to a race condition. Due to this vulnerability, mspmand process, responsible for managing \"URL Filtering service\", can crash, causing the Services PIC to restart. \n\nWhile the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process.\n\n\n\nThis issue affects Juniper Networks Junos OS:\n17.3 versions prior to 17.3R3-S8;\n18.3 versions prior to 18.3R3-S1;\n18.4 versions prior to 18.4R3;\n19.1 versions prior to 19.1R3;\n19.2 versions prior to 19.2R2;\n19.3 versions prior to 19.3R3.\n\nThis issue does not affect Juniper Networks Junos OS 17.4, 18.1, and 18.2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 17.3R3-S8, 18.3R3-S1, 18.4R3, 19.1R3, 19.2R2, 19.3R3, 19.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11064",
"defect": [
"1466567"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}

159
2020/1xxx/CVE-2020-1668.json Normal file
View File

@ -0,0 +1,159 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
"ID": "CVE-2020-1668",
"STATE": "PUBLIC",
"TITLE": "Junos OS: EX2300 Series: High CPU load due to receipt of specific multicast packets on layer 2 interface"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "EX2300 Series",
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S11"
},
{
"platform": "EX2300 Series",
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R3-S5"
},
{
"platform": "EX2300 Series",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R2-S4, 18.3R3-S3"
},
{
"platform": "EX2300 Series",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2-S5, 18.4R3-S4"
},
{
"platform": "EX2300 Series",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R3-S2"
},
{
"platform": "EX2300 Series",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R3"
},
{
"platform": "EX2300 Series",
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2-S4, 19.3R3"
},
{
"platform": "EX2300 Series",
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R1-S3, 19.4R2-S1, 19.4R3"
},
{
"platform": "EX2300 Series",
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R1-S2, 20.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks EX2300 Series, receipt of a stream of specific multicast packets by the layer2 interface can cause high CPU load, which could lead to traffic interruption.\n\nThis issue occurs when multicast packets are received by the layer 2 interface.\n\nTo check if the device has high CPU load due to this issue, the administrator can issue the following command:\n user@host> show chassis routing-engine\n Routing Engine status:\n ...\n Idle 2 percent\nthe \"Idle\" value shows as low (2 % in the example above), and also the following command:\n user@host> show system processes summary\n ...\n PID USERNAME PRI NICE SIZE RES STATE TIME WCPU COMMAND\n 11639 root 52 0 283M 11296K select 12:15 44.97% eventd\n 11803 root 81 0 719M 239M RUN 251:12 31.98% fxpc{fxpc}\nthe eventd and the fxpc processes might use higher WCPU percentage (respectively 44.97% and 31.98% in the above example).\nThis issue affects Juniper Networks Junos OS on EX2300 Series:\n18.1 versions prior to 18.1R3-S11;\n18.2 versions prior to 18.2R3-S5;\n18.3 versions prior to 18.3R2-S4, 18.3R3-S3;\n18.4 versions prior to 18.4R2-S5, 18.4R3-S4;\n19.1 versions prior to 19.1R3-S2;\n19.2 versions prior to 19.2R1-S5, 19.2R3;\n19.3 versions prior to 19.3R2-S4, 19.3R3;\n19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3;\n20.1 versions prior to 20.1R1-S2, 20.1R2.\n\n"
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11065",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11065"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 18.1R3-S11, 18.2R3-S5, 18.3R2-S4, 18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R3-S2, 19.2R1-S5, 19.2R3, 19.3R2-S4, 19.3R3, 19.4R1-S3, 19.4R2-S1, 19.4R3, 20.1R1-S2, 20.1R2, 20.2R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11065",
"defect": [
"1491905"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no available workarounds for this issue."
}
]
}

117
2020/1xxx/CVE-2020-1669.json Normal file
View File

@ -0,0 +1,117 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
"ID": "CVE-2020-1669",
"STATE": "PUBLIC",
"TITLE": "Junos OS: NFX350: Password hashes stored in world-readable format"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "NFX350",
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R3"
},
{
"platform": "NFX350",
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R1-S4, 20.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system.\n\nThis issue affects Juniper Networks Junos OS on NFX350:\n19.4 versions prior to 19.4R3;\n20.1 versions prior to 20.1R1-S4, 20.1R2.\n"
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256 Unprotected Storage of Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11066",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11066"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Junos OS now stores local password hashes in the protected /etc/shadow file.\n\nThe following software releases have been updated to resolve this specific issue: Junos OS 19.4R3, 20.1R1-S4, 20.1R2, 20.2R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11066",
"defect": [
"1462556"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Use access lists or firewall filters to limit access to the device only from trusted hosts.\nLimit shell access to only trusted system administrators."
}
]
}

176
2020/1xxx/CVE-2020-1670.json Normal file
View File

@ -0,0 +1,176 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
"ID": "CVE-2020-1670",
"STATE": "PUBLIC",
"TITLE": "Junos OS: EX4300 Series: High CPU load due to receipt of specific IPv4 packets"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "EX4300 series",
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S9"
},
{
"platform": "EX4300 series",
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S11, 17.4R3-S2"
},
{
"platform": "EX4300 series",
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S10"
},
{
"platform": "EX4300 series",
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R3-S4"
},
{
"platform": "EX4300 series",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R2-S4, 18.3R3-S2"
},
{
"platform": "EX4300 series",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2-S4, 18.4R3-S2"
},
{
"platform": "EX4300 series",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R2-S2, 19.1R3-S1"
},
{
"platform": "EX4300 series",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R2-S1, 19.2R3"
},
{
"platform": "EX4300 series",
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2-S4, 19.3R3"
},
{
"platform": "EX4300 series",
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R1-S3, 19.4R2"
},
{
"platform": "EX4300 series",
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R1-S3, 20.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The example of the configuration stanza affected by this issue is as follows:\n [interfaces irb unit <UNIT_NUMBER>]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks EX4300 Series, receipt of a stream of specific IPv4 packets can cause Routing Engine (RE) high CPU load, which could lead to network protocol operation issue and traffic interruption.\n\nThis specific packets can originate only from within the broadcast domain where the device is connected.\nThis issue occurs when the packets enter to the IRB interface.\n\nOnly IPv4 packets can trigger this issue. IPv6 packets cannot trigger this issue.\nThis issue affects Juniper Networks Junos OS on EX4300 series:\n17.3 versions prior to 17.3R3-S9;\n17.4 versions prior to 17.4R2-S11, 17.4R3-S2;\n18.1 versions prior to 18.1R3-S10;\n18.2 versions prior to 18.2R3-S4;\n18.3 versions prior to 18.3R2-S4, 18.3R3-S2;\n18.4 versions prior to 18.4R2-S4, 18.4R3-S2;\n19.1 versions prior to 19.1R2-S2, 19.1R3-S1;\n19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3;\n19.3 versions prior to 19.3R2-S4, 19.3R3;\n19.4 versions prior to 19.4R1-S3, 19.4R2;\n20.1 versions prior to 20.1R1-S3, 20.1R2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 17.3R3-S9, 17.4R2-S11, 17.4R3-S2, 18.1R3-S10, 18.2R3-S4, 18.3R2-S4, 18.3R3-S2, 18.4R2-S4, 18.4R3-S2, 19.1R2-S2, 19.1R3-S1, 19.2R1-S5, 19.2R2-S1, 19.2R3, 19.3R2-S4, 19.3R3, 19.4R1-S3, 19.4R2, 20.1R1-S3, 20.1R2, 20.2R1 and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11067",
"defect": [
"1495129"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}

183
2020/1xxx/CVE-2020-1671.json Normal file
View File

@ -0,0 +1,183 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T07:00:00.000Z",
"ID": "CVE-2020-1671",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Receipt of malformed DHCPv6 packets causes jdhcpd to crash."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S12, 17.4R3-S3"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S11"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R3-S6"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D65"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R2-S4, 18.3R3-S3"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2-S5, 18.4R3-S4"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R3-S2"
},
{
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R3"
},
{
"version_affected": ">=",
"version_name": "19.2",
"version_value": "19.2R2"
},
{
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2-S4, 19.3R3"
},
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R1-S3, 19.4R2-S2, 19.4R3"
},
{
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R1-S3, 20.1R2"
},
{
"version_affected": "!<",
"version_value": "17.4R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The example of DHCPv6 local server configuration stanza affected by this issue is:\n [system services dhcp-local-server dhcpv6]\n\nThe example of configuration stanza for DHCPv6 Relay Agent affected by this issue is: \n [forwarding-options dhcp-relay dhcpv6]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dump if a malformed DHCPv6 packet is received, resulting with the restart of the daemon.\n\nThis issue only affects DHCPv6, it does not affect DHCPv4.\nThis issue affects: Juniper Networks Junos OS\n17.4 versions prior to 17.4R2-S12, 17.4R3-S3;\n18.1 versions prior to 18.1R3-S11;\n18.2 versions prior to 18.2R3-S6;\n18.2X75 versions prior to 18.2X75-D65;\n18.3 versions prior to 18.3R2-S4, 18.3R3-S3;\n18.4 versions prior to 18.4R2-S5, 18.4R3-S4;\n19.1 versions prior to 19.1R3-S2;\n19.2 versions prior to 19.2R1-S5, 19.2R3;\n19.2 version 19.2R2 and later versions;\n19.3 versions prior to 19.3R2-S4, 19.3R3;\n19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3;\n20.1 versions prior to 20.1R1-S3, 20.1R2;\nThis issue does not affect Juniper Networks Junos OS prior to 17.4R1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11068",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11068"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 17.4R2-S12, 17.4R3-S3, 18.1R3-S11, 18.2R3-S6, 18.2X75-D65, 18.3R2-S4, 18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R3-S2, 19.2R1-S5, 19.2R3, 19.3R2-S4, 19.3R3, 19.4R1-S3, 19.4R2-S2, 19.4R3, 20.1R1-S3, 20.1R2, 20.2R1 and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11068",
"defect": [
"1511782"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}

179
2020/1xxx/CVE-2020-1672.json Normal file
View File

@ -0,0 +1,179 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
"ID": "CVE-2020-1672",
"STATE": "PUBLIC",
"TITLE": "Junos OS: jdhcpd process crash when processing a specific DHCPDv6 packet in DHCPv6 relay configuration."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S9"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S11, 17.4R3-S2, 17.4R3-S3"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S11"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R3-S5"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D34, 18.2X75-D65"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R2-S4, 18.3R3-S3"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2-S5, 18.4R3-S4"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R2-S2, 19.1R3-S2"
},
{
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R2-S1, 19.2R3"
},
{
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2-S4, 19.3R2-S4, 19.3R3"
},
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R1-S3, 19.4R2-S1, 19.4R3"
},
{
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R1-S3, 20.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The example of the config stanza affected by this issue:\n [forwarding-options dhcp-relay dhcpv6]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos OS devices configured with DHCPv6 relay enabled, receipt of a specific DHCPv6 packet might crash the jdhcpd daemon.\n\nThe jdhcpd daemon automatically restarts without intervention, but continuous receipt of specific crafted DHCP messages will repeatedly crash jdhcpd, leading to an extended Denial of Service (DoS) condition.\n\nOnly DHCPv6 packet can trigger this issue. DHCPv4 packet cannot trigger this issue.\nThis issue affects Juniper Networks Junos OS:\n17.3 versions prior to 17.3R3-S9;\n17.4 versions prior to 17.4R2-S11, 17.4R3-S2, 17.4R3-S3;\n18.1 versions prior to 18.1R3-S11;\n18.2 versions prior to 18.2R3-S5;\n18.3 versions prior to 18.3R2-S4, 18.3R3-S3;\n18.4 versions prior to 18.4R2-S5, 18.4R3-S4;\n19.1 versions prior to 19.1R2-S2, 19.1R3-S2;\n19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3;\n19.3 versions prior to 19.3R2-S4, 19.3R2-S4, 19.3R3;\n19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3;\n20.1 versions prior to 20.1R1-S3, 20.1R2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11069",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11069"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 17.3R3-S9, 17.4R2-S11, 17.4R3-S2, 17.4R3-S3, 18.1R3-S11, 18.2R3-S5, 18.2X75-D34, 18.2X75-D65, 18.3R2-S4, 18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R2-S2, 19.1R3-S2, 19.2R1-S5, 19.2R3, 19.3R2-S4, 19.3R3, 19.4R1-S3, 19.4R2-S1, 19.4R3, 20.1R1-S3, 20.1R2, 20.2R1, 20.3X75-D10, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11069",
"defect": [
"1512765"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}

166
2020/1xxx/CVE-2020-1673.json Normal file
View File

@ -0,0 +1,166 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
"ID": "CVE-2020-1673",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Reflected Cross-site Scripting vulnerability in J-Web and web based (HTTP/HTTPS) services"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S11"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R3-S5"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R2-S4, 18.3R3-S2"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2-S5, 18.4R3-S2"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R2-S2, 19.1R3-S1"
},
{
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R2"
},
{
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2-S4, 19.3R3"
},
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R1-S3, 19.4R2"
},
{
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R1-S2, 20.1R2"
},
{
"version_affected": "!<",
"version_value": "18.1R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The examples of the config stanza affected by this issue:\n [system services web-management http]\n [system services web-management https]\n [security dynamic-vpn]"
}
],
"credit": [
{
"lang": "eng",
"value": "Mritunjay Bhardwaj mritunjay (dot) b (at) hcl (dot) com"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient Cross-Site Scripting (XSS) protection in Juniper Networks J-Web and web based (HTTP/HTTPS) services allows an unauthenticated attacker to hijack the target user's HTTP/HTTPS session and perform administrative actions on the Junos device as the targeted user.\n\nThis issue only affects Juniper Networks Junos OS devices with HTTP/HTTPS services enabled such as J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP).\n\nJunos OS devices with HTTP/HTTPS services disabled are not affected.\n\nIf HTTP/HTTPS services are enabled, the following command will show the httpd processes:\n user@device> show system processes | match http \n 5260 - S 0:00.13 /usr/sbin/httpd-gk -N\n 5797 - I 0:00.10 /usr/sbin/httpd --config /jail/var/etc/httpd.conf\n\nIn order to successfully exploit this vulnerability, the attacker needs to convince the device administrator to take action such as clicking the crafted URL sent via phishing email or convince the administrator to input data in the browser console.\n\nThis issue affects Juniper Networks Junos OS:\n18.1 versions prior to 18.1R3-S1;\n18.2 versions prior to 18.2R3-S5;\n18.3 versions prior to 18.3R2-S4, 18.3R3-S2;\n18.4 versions prior to 18.4R2-S5, 18.4R3-S2;\n19.1 versions prior to 19.1R2-S2, 19.1R3-S1;\n19.2 versions prior to 19.2R1-S5, 19.2R2;\n19.3 versions prior to 19.3R2-S4, 19.3R3;\n19.4 versions prior to 19.4R1-S3, 19.4R2;\n20.1 versions prior to 20.1R1-S2, 20.1R2.\n\nThis issue does not affect Juniper Networks Junos OS prior to 18.1R1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11070",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11070"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 18.1R3-S11, 18.2R3-S5, 18.3R2-S4, 18.3R3-S2, 18.4R2-S5, 18.4R3-S2, 19.1R2-S2, 19.1R3-S1, 19.2R1-S5, 19.2R2, 19.3R2-S4, 19.3R3, 19.4R1-S3, 19.4R2, 20.1R1-S2, 20.1R2, 20.2R1 and all subsequent releases."
}
],
"source": {
"advisory": "JSA11070",
"defect": [
"1493385"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}

197
2020/1xxx/CVE-2020-1674.json Normal file
View File

@ -0,0 +1,197 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
"ID": "CVE-2020-1674",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: MACsec delay protection fails to drop/discard delayed MACsec packets"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R7-S8"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R3-S4"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S8, 17.3R3-S9"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S11, 17.4R3-S2"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S11"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R3-S5"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R2-S4, 18.3R3-S3"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R1-S7, 18.4R2-S5, 18.4R3-S3"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R3-S2"
},
{
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R3"
},
{
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2-S3, 19.3R3"
},
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R1-S2, 19.4R2-S1, 19.4R3"
},
{
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R1-S2, 20.1R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "all",
"version_value": "19.4R3-EVO"
},
{
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Juniper Networks Junos OS and Junos OS Evolved fail to drop/discard delayed MACsec packets (e.g. delayed by more than 2 seconds). Per the specification, called the \"bounded receive delay\", there should be no replies to delayed MACsec packets. Any MACsec traffic delayed more than 2 seconds should be dropped and late drop counters should increment. Without MACsec delay protection, an attacker could exploit the delay to spoof or decrypt packets.\nThis issue affects:\nJuniper Networks Junos OS:\n16.1 versions prior to 16.1R7-S8;\n17.2 versions prior to 17.2R3-S4;\n17.3 versions prior to 17.3R3-S8, 17.3R3-S9;\n17.4 versions prior to 17.4R2-S11, 17.4R3-S2;\n18.1 versions prior to 18.1R3-S11;\n18.2 versions prior to 18.2R3-S5;\n18.3 versions prior to 18.3R2-S4, 18.3R3-S3;\n18.4 versions prior to 18.4R1-S7, 18.4R2-S5, 18.4R3-S3;\n19.1 versions prior to 19.1R3-S2;\n19.2 versions prior to 19.2R1-S5, 19.2R3;\n19.3 versions prior to 19.3R2-S3, 19.3R3;\n19.4 versions prior to 19.4R1-S2, 19.4R2-S1, 19.4R3;\n20.1 versions prior to 20.1R1-S2, 20.1R2.\n\nJuniper Networks Junos OS Evolved:\nall versions prior to 19.4R3-EVO;\n20.1 versions prior to 20.1R2-EVO.\n\nThis issue does not affect Junos OS versions prior to 16.1R1.\n"
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-693 Protection Mechanism Failure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11071",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11071"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/concept/macsec.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/concept/macsec.html"
},
{
"name": "https://ieeexplore.ieee.org/document/1678345",
"refsource": "MISC",
"url": "https://ieeexplore.ieee.org/document/1678345"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS 16.1R7-S8, 17.2R3-S4, 17.3R3-S8, 17.3R3-S9, 17.4R2-S11, 17.4R3-S2, 18.1R3-S11, 18.2R3-S5, 18.3R2-S4, 18.3R3-S3, 18.4R1-S7, 18.4R2-S5, 18.4R3-S3, 19.1R3-S2, 19.2R1-S5, 19.2R3, 19.3R2-S3, 19.3R3, 19.4R1-S2, 19.4R2-S1, 19.4R3, 20.1R1-S2, 20.1R2, 20.2R1, and all subsequent releases.\n\nJunos OS Evolved 19.4R3-EVO, 20.1R2-EVO, 20.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11071",
"defect": [
"1503010"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}

100
2020/1xxx/CVE-2020-1675.json Normal file
View File

@ -0,0 +1,100 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
"ID": "CVE-2020-1675",
"STATE": "PUBLIC",
"TITLE": "Juniper Networks Mist Cloud UI: SAML authentication certificate vulnerability."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MIST Cloud UI",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "09/02/2020"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When Security Assertion Markup Language (SAML) authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly process invalid authentication certificates which could allow a malicious network-based user to access unauthorized data.\nThis issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-299 Improper Check for Certificate Revocation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11072",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11072"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Mist Cloud UI has been updated on September 2 2020 to resolve this specific issue."
}
],
"source": {
"advisory": "JSA11072",
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "No workarounds are required since the issue has been resolved in the Mist cloud UI."
}
]
}

100
2020/1xxx/CVE-2020-1676.json Normal file
View File

@ -0,0 +1,100 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
"ID": "CVE-2020-1676",
"STATE": "PUBLIC",
"TITLE": "Juniper Networks Mist Cloud UI: SAML authentication response handling vulnerability."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MIST Cloud UI",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "09/02/2020"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls.\n\nThis issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11072",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11072"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Mist Cloud UI has been updated on September 2 2020 to resolve this specific issue."
}
],
"source": {
"advisory": "JSA11072",
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "No workarounds are required since the issue has been resolved in the Mist cloud UI."
}
]
}

100
2020/1xxx/CVE-2020-1677.json Normal file
View File

@ -0,0 +1,100 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
"ID": "CVE-2020-1677",
"STATE": "PUBLIC",
"TITLE": "Juniper Networks Mist Cloud UI: SAML authentication attribute elements handling vulnerability. "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MIST Cloud UI",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "09/02/2020"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle child elements in SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls.\nThis issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020.\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11072",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11072"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Mist Cloud UI has been updated on September 2 2020 to resolve this specific issue."
}
],
"source": {
"advisory": "JSA11072",
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "No workarounds are required since the issue has been resolved in the Mist cloud UI."
}
]
}

138
2020/1xxx/CVE-2020-1678.json Normal file
View File

@ -0,0 +1,138 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T07:00:00.000Z",
"ID": "CVE-2020-1678",
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: RPD can crash due to a slow memory leak."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R2"
},
{
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R1-S4, 20.1R2"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "19.4-EVO",
"version_value": "19.4-EVO"
},
{
"version_affected": "<",
"version_name": "20.1-EVO",
"version_value": "20.1R1-S4-EVO, 20.1R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The example of the configuration stanza affected by this issue is as follows:\n [protocols evpn]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos OS and Junos OS Evolved platforms with EVPN configured, receipt of specific BGP packets causes a slow memory leak. If the memory is exhausted the rpd process might crash.\n\nIf the issue occurs, the memory leak could be seen by executing the \"show task memory detail | match policy | match evpn\" command multiple times to check if memory (Alloc Blocks value) is increasing.\n\n root@device> show task memory detail | match policy | match evpn\n ------------------------ Allocator Memory Report ------------------------\n Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes\n Policy EVPN Params 20 24 3330678 79936272 3330678 79936272\n\n\n root@device> show task memory detail | match policy | match evpn\n ------------------------ Allocator Memory Report ------------------------\n Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes\n\n Policy EVPN Params 20 24 36620255 878886120 36620255 878886120\n \nThis issue affects:\nJuniper Networks Junos OS\n19.4 versions prior to 19.4R2;\n20.1 versions prior to 20.1R1-S4, 20.1R2;\n\nJuniper Networks Junos OS Evolved:\n19.4 versions;\n20.1 versions prior to 20.1R1-S4-EVO, 20.1R2-EVO;\n20.2 versions prior to 20.2R1-EVO;\n\nThis issue does not affect:\nJuniper Networks Junos OS releases prior to 19.4R1.\nJuniper Networks Junos OS Evolved releases prior to 19.4R1-EVO.\n\n\n"
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11075",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11075"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 19.4R2, 19.4R3, 20.1R1-S4, 20.1R2, 20.2R1 and all subsequent releases.\n\nJunos OS Evolved: 20.1R1-S4-EVO, 20.1R2-EVO, 20.2R1-EVO, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11075",
"defect": [
"1490269"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}

182
2020/1xxx/CVE-2020-1679.json Normal file
View File

@ -0,0 +1,182 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
"ID": "CVE-2020-1679",
"STATE": "PUBLIC",
"TITLE": "Junos OS: PTX/QFX Series: Kernel Routing Table (KRT) queue stuck after packet sampling a malformed packet when the tunnel-observation mpls-over-udp configuration is enabled."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "PTX, QFX",
"version_affected": "<",
"version_name": "17.2X75",
"version_value": "17.2X75-D105"
},
{
"platform": "PTX, QFX",
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S11"
},
{
"platform": "PTX, QFX",
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R3-S5"
},
{
"platform": "PTX, QFX",
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D420, 18.2X75-D53, 18.2X75-D65"
},
{
"platform": "PTX, QFX",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R2-S4, 18.3R3-S3"
},
{
"platform": "PTX, QFX",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R1-S7, 18.4R2-S5, 18.4R3-S4"
},
{
"platform": "PTX, QFX",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R2-S2, 19.1R3-S2"
},
{
"platform": "PTX, QFX",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R3"
},
{
"platform": "PTX, QFX",
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2-S3, 19.3R3"
},
{
"platform": "PTX, QFX",
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R1-S2, 19.4R2-S1, 19.4R3"
},
{
"platform": "PTX, QFX",
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R1-S2, 20.1R2"
},
{
"platform": "PTX, QFX",
"version_affected": "!<",
"version_value": "18.1R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The examples of the configuration stanza affected by this issue are as follows:\n [services flow-monitoring version9 template <template_name> tunnel-observation mpls-over-udp]\nor\n [services flow-monitoring version-ipfix template <template_name> tunnel-observation mpls-over-udp]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks PTX and QFX Series devices with packet sampling configured using tunnel-observation mpls-over-udp, sampling of a malformed packet can cause the Kernel Routing Table (KRT) queue to become stuck.\n\nKRT is the module within the Routing Process Daemon (RPD) that synchronized the routing tables with the forwarding tables in the kernel. This table is then synchronized to the Packet Forwarding Engine (PFE) via the KRT queue. Thus, when KRT queue become stuck, it can lead to unexpected packet forwarding issues.\n\nAn administrator can monitor the following command to check if there is the KRT queue is stuck:\n user@device > show krt state \n ...\n Number of async queue entries: 65007 <--- this value keep on increasing.\n\nWhen this issue occurs, the following message might appear in the /var/log/messages:\n DATE DEVICE kernel: %KERN-3: rt_pfe_veto: Too many delayed route/nexthop unrefs. Op 2 err 55, rtsm_id 5:-1, msg type 2 \n DATE DEVICE kernel: %KERN-3: rt_pfe_veto: Memory usage of M_RTNEXTHOP type = (0) Max size possible for M_RTNEXTHOP type = (7297134592) Current delayed unref = (60000), Current unique delayed unref = (18420), Max delayed unref on this platform = (40000) Current delayed weight unref = (60000) Max delayed weight unref on this platform= (400000) curproc = rpd\nThis issue affects Juniper Networks Junos OS on PTX/QFX Series:\n17.2X75 versions prior to 17.2X75-D105;\n18.1 versions prior to 18.1R3-S11;\n18.2 versions prior to 18.2R3-S5;\n18.2X75 versions prior to 18.2X75-D420, 18.2X75-D53, 18.2X75-D65;\n18.3 versions prior to 18.3R2-S4, 18.3R3-S3;\n18.4 versions prior to 18.4R1-S7, 18.4R2-S5, 18.4R3-S4;\n19.1 versions prior to 19.1R2-S2, 19.1R3-S2;\n19.2 versions prior to 19.2R1-S5, 19.2R3;\n19.3 versions prior to 19.3R2-S3, 19.3R3;\n19.4 versions prior to 19.4R1-S2, 19.4R2-S1, 19.4R3;\n20.1 versions prior to 20.1R1-S2, 20.1R2.\n\nThis issue does not affect Juniper Networks Junos OS prior to 18.1R1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11076",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11076"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 17.2X75-D105, 18.1R3-S11, 18.2R3-S5, 18.2X75-D420, 18.2X75-D53, 18.2X75-D65, 18.3R2-S4, 18.3R3-S3, 18.4R1-S7, 18.4R2-S5, 18.4R3-S4, 19.1R2-S2, 19.1R3-S2, 19.2R1-S5, 19.2R3, 19.3R2-S3, 19.3R3, 19.4R1-S2, 19.4R2-S1, 19.4R3, 20.1R1-S2, 20.1R2, 20.2R1, 20.3X75-D10, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11076",
"defect": [
"1495788"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "Disable sampling on all the interfaces will prevent the issue from occurring.\n\nIf the device is experiencing the issue, the administrator can perform the follow steps to restore KRT queue:\n1. Disable sampling configuration on this FPC\n user@device> deactivate chassis fpc<slot-no> sampling-instance <instance-name>\n2. Restart multi-svcs process on this FPC by killing the process. The multi-svcs will get stared automatically once it gets killed and resume normal processing.\n\n"
}
]
}

195
2020/1xxx/CVE-2020-1680.json Normal file
View File

@ -0,0 +1,195 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
"ID": "CVE-2020-1680",
"STATE": "PUBLIC",
"TITLE": "Junos OS: MX Series: MS-MPC/MIC might crash when processing malformed IPv6 packet in NAT64 configuration."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1R7-S7"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D593"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R7-S8"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R3-S4"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S6"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S11, 17.4R3"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S11"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R3-S6"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D41, 18.2X75-D430, 18.2X75-D53, 18.2X75-D65"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R2-S4, 18.3R3"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2-S5, 18.4R3"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R2"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R2"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The example of the config stanza affected by this issue: \n [services nat rule <rule_name> term <term_name> then translated translation-type stateful-nat64]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks MX Series with MS-MIC or MS-MPC card configured with NAT64 configuration, receipt of a malformed IPv6 packet may crash the MS-PIC component on MS-MIC or MS-MPC.\n\nThis issue occurs when a multiservice card is translating the malformed IPv6 packet to IPv4 packet.\n\nAn unauthenticated attacker can continuously send crafted IPv6 packets through the device causing repetitive MS-PIC process crashes, resulting in an extended Denial of Service condition.\n\nThis issue affects Juniper Networks Junos OS on MX Series:\n15.1 versions prior to 15.1R7-S7;\n15.1X53 versions prior to 15.1X53-D593;\n16.1 versions prior to 16.1R7-S8;\n17.2 versions prior to 17.2R3-S4;\n17.3 versions prior to 17.3R3-S6;\n17.4 versions prior to 17.4R2-S11, 17.4R3;\n18.1 versions prior to 18.1R3-S11;\n18.2 versions prior to 18.2R3-S6;\n18.2X75 versions prior to 18.2X75-D41, 18.2X75-D430, 18.2X75-D53, 18.2X75-D65;\n18.3 versions prior to 18.3R2-S4, 18.3R3;\n18.4 versions prior to 18.4R2-S5, 18.4R3;\n19.1 versions prior to 19.1R2;\n19.2 versions prior to 19.2R1-S5, 19.2R2;\n19.3 versions prior to 19.3R2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-131 Incorrect Calculation of Buffer Size"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11077",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11077"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1R7-S7, 15.1X53-D593, 16.1R7-S8, 17.2R3-S4, 17.3R3-S6, 17.4R2-S11, 17.4R3, 18.1R3-S11, 18.2R3-S6, 18.2X75-D41, 18.2X75-D430, 18.2X75-D53, 18.2X75-D65, 18.3R2-S4, 18.3R3, 18.4R2-S5, 18.4R3, 19.1R2, 19.2R1-S5, 19.2R2, 19.3R2, 19.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11077",
"defect": [
"1441517"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}

110
2020/1xxx/CVE-2020-1681.json Normal file
View File

@ -0,0 +1,110 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
"ID": "CVE-2020-1681",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: Receipt of a specifically malformed NDP packet could lead to Denial of Service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "all",
"version_value": "20.1R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Receipt of a specifically malformed NDP packet sent from the local area network (LAN) to a device running Juniper Networks Junos OS Evolved can cause the ndp process to crash, resulting in a Denial of Service (DoS). The process automatically restarts without intervention, but a continuous receipt of the malformed NDP packets could leaded to an extended Denial of Service condition. During this time, IPv6 neighbor learning will be affected. \n\nThe issue occurs when parsing the incoming malformed NDP packet. Rather than simply discarding the packet, the process asserts, performing a controlled exit and restart, thereby avoiding any chance of an unhandled exception. Exploitation of this vulnerability is limited to a temporary denial of service, and cannot be leveraged to cause additional impact on the system.\n\nThis issue is limited to the processing of IPv6 NDP packets. IPv4 packet processing cannot trigger, and is unaffected by this vulnerability.\n\nThis issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO.\n\nJunos OS is unaffected by this vulnerability."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-755 Improper Handling of Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11078",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11078"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.1R2-EVO, 20.2R1-EVO, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11078",
"defect": [
"1494128"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}

159
2020/1xxx/CVE-2020-1682.json Normal file
View File

@ -0,0 +1,159 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
"ID": "CVE-2020-1682",
"STATE": "PUBLIC",
"TITLE": "Junos OS: SRX1500, vSRX, SRX4K, NFX150: Denial of service vulnerability executing local CLI command"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX1500, SRX4100, SRX4200, vSRX, NFX150",
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D220"
},
{
"platform": "SRX1500, SRX4100, SRX4200, vSRX, NFX150",
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R3-S3"
},
{
"platform": "SRX1500, SRX4100, SRX4200, vSRX, NFX150",
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S11"
},
{
"platform": "SRX1500, SRX4100, SRX4200, vSRX, NFX150",
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R3-S5"
},
{
"platform": "SRX1500, SRX4100, SRX4200, vSRX, NFX150",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R2-S4, 18.3R3-S3"
},
{
"platform": "SRX1500, SRX4100, SRX4200, vSRX, NFX150",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2-S5, 18.4R3-S4"
},
{
"platform": "SRX1500, SRX4100, SRX4200, vSRX, NFX150",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R3-S2"
},
{
"platform": "SRX1500, SRX4100, SRX4200, vSRX, NFX150",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Juniper SIRT would like to acknowledge and thank The UK's National Cyber Security Centre (NCSC) for responsibly reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An input validation vulnerability exists in Juniper Networks Junos OS, allowing an attacker to crash the srxpfe process, causing a Denial of Service (DoS) through the use of specific maintenance commands. The srxpfe process restarts automatically, but continuous execution of the commands could lead to an extended Denial of Service condition.\n\nThis issue only affects the SRX1500, SRX4100, SRX4200, NFX150, and vSRX-based platforms. No other products or platforms are affected by this vulnerability.\n\nThis issue affects the following versions of Juniper Networks Junos OS on SRX1500, SRX4100, SRX4200, vSRX, NFX150:\n15.1X49 versions prior to 15.1X49-D220;\n17.4 versions prior to 17.4R3-S3;\n18.1 versions prior to 18.1R3-S11;\n18.2 versions prior to 18.2R3-S5;\n18.3 versions prior to 18.3R2-S4, 18.3R3-S3;\n18.4 versions prior to 18.4R2-S5, 18.4R3-S4;\n19.1 versions prior to 19.1R3-S2;\n19.2 versions prior to 19.2R1-S5, 19.2R3.\nThis issue does not affect Junos OS 19.3 or any subsequent version."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11079",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11079"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1X49-D220, 17.4R3-S3, 18.1R3-S11, 18.2R3-S5, 18.3R2-S4, 18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R3-S2, 19.2R1-S5, and 19.2R3.\n\nNote: This fix has also been proactively committed into other releases that might not be vulnerable to this issue.\n"
}
],
"source": {
"advisory": "JSA11079",
"defect": [
"1486905"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Use access lists or firewall filters to limit access to the device only from trusted hosts."
}
]
}

200
2020/1xxx/CVE-2020-1683.json Normal file
View File

@ -0,0 +1,200 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
"ID": "CVE-2020-1683",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Memory leak leads to kernel crash (vmcore) due to SNMP polling"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "17.4",
"version_value": "17.4R3"
},
{
"version_affected": ">=",
"version_name": "18.1",
"version_value": "18.1R3-S5"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S10"
},
{
"version_affected": ">=",
"version_name": "18.2",
"version_value": "18.2R3"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R3-S3"
},
{
"version_affected": ">=",
"version_name": "18.2X75",
"version_value": "18.2X75-D420, 18.2X75-D50"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D430, 18.2X75-D53, 18.2X75-D60"
},
{
"version_affected": ">=",
"version_name": "18.3",
"version_value": "18.3R3"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R3-S2"
},
{
"version_affected": ">=",
"version_name": "18.4",
"version_value": "18.4R1-S4, 18.4R2"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2-S5, 18.4R3-S1"
},
{
"version_affected": ">=",
"version_name": "19.1",
"version_value": "19.1R2"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R2-S2, 19.1R3"
},
{
"version_affected": ">=",
"version_name": "19.2",
"version_value": "19.2R1"
},
{
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R2"
},
{
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2-S5, 19.3R3"
},
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R1-S3, 19.4R2"
},
{
"version_affected": "!<",
"version_value": "17.4R3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The example of minimum config stanza affected by this issue:\n [snmp]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos OS devices, a specific SNMP OID poll causes a memory leak which over time leads to a kernel crash (vmcore).\n\nPrior to the kernel crash other processes might be impacted, such as failure to establish SSH connection to the device.\n\nThe administrator can monitor the output of the following command to check if there is memory leak caused by this issue:\n user@device> show system virtual-memory | match \"pfe_ipc|kmem\"\n pfe_ipc 147 5K - 164352 16,32,64,8192 <-- increasing\n vm.kmem_map_free: 127246336 <-- decreasing\n pfe_ipc 0 0K - 18598 32,8192\n vm.kmem_map_free: 134582272\n\n\n\n\n\nThis issue affects Juniper Networks Junos OS:\n17.4R3;\n18.1 version 18.1R3-S5 and later versions prior to 18.1R3-S10;\n18.2 version 18.2R3 and later versions prior to 18.2R3-S3;\n18.2X75 version 18.2X75-D420, 18.2X75-D50 and later versions prior to 18.2X75-D430, 18.2X75-D53, 18.2X75-D60;\n18.3 version 18.3R3 and later versions prior to 18.3R3-S2;\n18.4 version 18.4R1-S4, 18.4R2 and later versions prior to 18.4R2-S5, 18.4R3-S1;\n19.1 version 19.1R2 and later versions prior to 19.1R2-S2, 19.1R3;\n19.2 version 19.2R1 and later versions prior to 19.2R1-S5, 19.2R2;\n19.3 versions prior to 19.3R2-S5, 19.3R3;\n19.4 versions prior to 19.4R1-S3, 19.4R2.\n\nThis issue does not affect Juniper Networks Junos OS prior to 17.4R3."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401: Missing Release of Memory after Effective Lifetime"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11080",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11080"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 17.4R3-S1, 18.1R3-S10, 18.2R3-S3, 18.2X75-D41, 18.2X75-D430, 18.2X75-D53, 18.2X75-D60, 18.3R3-S2, 18.4R2-S5, 18.4R3-S1, 19.1R2-S2, 19.1R3, 19.2R1-S5, 19.2R2, 19.3R2-S5, 19.3R3, 19.4R1-S3, 19.4R2, 20.1R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11080",
"defect": [
"1482379"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "Disable SNMP (disabled by default), utilize edge filtering with source-address validation (uRPF, etc.), access control lists (ACLs), and/or SNMPv3 authentication to limit access to the device only from trusted hosts."
}
]
}

177
2020/1xxx/CVE-2020-1684.json Normal file
View File

@ -0,0 +1,177 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
"ID": "CVE-2020-1684",
"STATE": "PUBLIC",
"TITLE": "Junos OS: SRX Series: High CPU load due to processing for HTTP traffic when Application Identification is enabled."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "12.3X48",
"version_value": "12.3X48-D105"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D221, 15.1X49-D230"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R3-S3"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S11"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R3-S3"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R2-S4, 18.3R3-S2"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2-S5, 18.4R3-S1"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R2-S2, 19.1R3"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R2"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R3"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "Application identification is enabled by default. Administrator can disable application identification with the CLI.\nTo disable application identification:\n user@host# set services application-identification no-application-identification\n user@host# commit\nOr (depending on the version)\n user@host# set system processes application-identification disable\n user@host# commit\n\nTo check whether is enabled, administrator can use the following command:\n user@host> show services application-identification application summary"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks SRX Series configured with application identification inspection enabled, receipt of specific HTTP traffic can cause high CPU load utilization, which could lead to traffic interruption.\n\nApplication identification is enabled by default and is automatically turned on when Intrusion Detection and Prevention (IDP), AppFW, AppQoS, or AppTrack is configured. Thus, this issue might occur when IDP, AppFW, AppQoS, or AppTrack is configured.\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\n12.3X48 versions prior to 12.3X48-D105;\n15.1X49 versions prior to 15.1X49-D221, 15.1X49-D230;\n17.4 versions prior to 17.4R3-S3;\n18.1 versions prior to 18.1R3-S11;\n18.2 versions prior to 18.2R3-S3;\n18.3 versions prior to 18.3R2-S4, 18.3R3-S2;\n18.4 versions prior to 18.4R2-S5, 18.4R3-S1;\n19.1 versions prior to 19.1R2-S2, 19.1R3;\n19.2 versions prior to 19.2R1-S5, 19.2R2;\n19.3 versions prior to 19.3R3;\n19.4 versions prior to 19.4R2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11081",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11081"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 12.3X48-D105, 15.1X49-D221, 15.1X49-D230, 17.4R3-S3, 18.1R3-S11, 18.2R3-S3, 18.3R2-S4, 18.3R3-S2, 18.4R2-S5, 18.4R3-S1, 19.1R2-S2, 19.1R3, 19.2R1-S5, 19.2R2, 19.3R3, 19.4R2, 20.1R1,and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11081",
"defect": [
"1473151"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}

152
2020/1xxx/CVE-2020-1685.json Normal file
View File

@ -0,0 +1,152 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
"ID": "CVE-2020-1685",
"STATE": "PUBLIC",
"TITLE": "Junos OS: EX4600, QFX5K Series: Stateless firewall filter matching 'user-vlan-id' will cause incomplete discard action"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "EX4600, QFX5K Series",
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S7"
},
{
"platform": "EX4600, QFX5K Series",
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2-S7, 18.2R3-S1"
},
{
"platform": "EX4600, QFX5K Series",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S5, 18.3R2-S4, 18.3R3"
},
{
"platform": "EX4600, QFX5K Series",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R1-S7, 18.4R2-S1, 18.4R3"
},
{
"platform": "EX4600, QFX5K Series",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R1-S5, 19.1R2"
},
{
"platform": "EX4600, QFX5K Series",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R2"
},
{
"platform": "EX4600, QFX5K Series",
"version_affected": "!",
"version_value": "18.1R3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "A sample VXLAN configuration is shown below:\n\n evpn {\n encapsulation vxlan;\n }\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When configuring stateless firewall filters in Juniper Networks EX4600 and QFX 5000 Series devices using Virtual Extensible LAN protocol (VXLAN), the discard action will fail to discard traffic under certain conditions. Given a firewall filter configuration similar to:\n\n family ethernet-switching {\n filter L2-VLAN {\n term ALLOW {\n from {\n user-vlan-id 100;\n }\n then {\n accept;\n }\n }\n term NON-MATCH {\n then {\n discard;\n }\n }\n\nwhen there is only one term containing a 'user-vlan-id' match condition, and no other terms in the firewall filter except discard, the discard action for non-matching traffic will only discard traffic with the same VLAN ID specified under 'user-vlan-id'. Other traffic (e.g. VLAN ID 200) will not be discarded. This unexpected behavior can lead to unintended traffic passing through the interface where the firewall filter is applied.\n\nThis issue only affects systems using VXLANs.\nThis issue affects Juniper Networks Junos OS on QFX5K Series:\n18.1 versions prior to 18.1R3-S7, except 18.1R3;\n18.2 versions prior to 18.2R2-S7, 18.2R3-S1;\n18.3 versions prior to 18.3R1-S5, 18.3R2-S4, 18.3R3;\n18.4 versions prior to 18.4R1-S7, 18.4R2-S1, 18.4R3;\n19.1 versions prior to 19.1R1-S5, 19.1R2;\n19.2 versions prior to 19.2R1-S5, 19.2R2.\n\n"
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203 Information Exposure Through Discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11082",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11082"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 18.1R3-S7, 18.2R2-S7, 18.2R3-S1, 18.3R1-S5, 18.3R2-S4, 18.3R3, 18.4R1-S7, 18.4R2-S1, 18.4R3, 19.1R1-S5, 19.1R2, 19.2R1-S5, 19.2R2, 19.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11082",
"defect": [
"1446489"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Avoid using the user-vlan-id match criteria.\n"
}
]
}

140
2020/1xxx/CVE-2020-1686.json Normal file
View File

@ -0,0 +1,140 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
"ID": "CVE-2020-1686",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Kernel crash (vmcore) upon receipt of a malformed IPv6 packet."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2-S4, 18.4R3-S1"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R2-S1, 19.1R3"
},
{
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R2"
},
{
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2-S4, 19.3R3"
},
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R1-S3, 19.4R2"
},
{
"version_affected": "!<",
"version_value": "18.4R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The example of the configuration stanza affected by this issue is as follows:\n [interfaces <interface_name> unit <unit_num> family inet6] "
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos OS devices, receipt of a malformed IPv6 packet may cause the system to crash and restart (vmcore).\n\nThis issue can be trigged by a malformed IPv6 packet destined to the Routing Engine or a transit packet that is sampled using sFlow/jFlow or processed by firewall filter with the syslog and/or log action.\n\nAn attacker can repeatedly send the offending packet resulting in an extended Denial of Service condition.\n\nOnly IPv6 packets can trigger this issue. IPv4 packets cannot trigger this issue.\n\nThis issue affects Juniper Networks Junos OS\n18.4 versions prior to 18.4R2-S4, 18.4R3-S1;\n19.1 versions prior to 19.1R2-S1, 19.1R3;\n19.2 versions prior to 19.2R1-S5, 19.2R2;\n19.3 versions prior to 19.3R2-S4, 19.3R3;\n19.4 versions prior to 19.4R1-S3, 19.4R2.\n\nThis issue does not affect Juniper Networks Junos OS prior to 18.4R1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-415 Double Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11083",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11083"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 18.4R2-S4, 18.4R3-S1, 19.1R2-S1, 19.1R3, 19.2R1-S5, 19.2R2, 19.3R2-S4, 19.3R3, 19.4R1-S3, 19.4R2, 19.4R2-S1, 20.1R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11083",
"defect": [
"1486948"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "Standard security best common practices such as limiting packet toward the RE only from trusted networks/host using firewall filter in combination with source address anti-spoofing should be applied to reduce the risk of exposure.\n\nIf traffic sampling is enabled, disabling traffic sampling will mitigate this issue.\nIf firewall filter with syslog and/or log action is enabled, disabling the syslog and/or log action will mitigate this issue.\n"
}
]
}

177
2020/1xxx/CVE-2020-1687.json Normal file
View File

@ -0,0 +1,177 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
"ID": "CVE-2020-1687",
"STATE": "PUBLIC",
"TITLE": "Junos OS: EX4300-MP/EX4600/QFX5K Series: High CPU load due to receipt of specific layer 2 frames in EVPN-VXLAN deployment."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "EX4300-MP Series, EX4600Series, QFX5K Series",
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S9"
},
{
"platform": "EX4300-MP Series, EX4600Series, QFX5K Series",
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S11, 17.4R3-S2, 17.4R3-S3"
},
{
"platform": "EX4300-MP Series, EX4600Series, QFX5K Series",
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S11"
},
{
"platform": "EX4300-MP Series, EX4600Series, QFX5K Series",
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R3-S5"
},
{
"platform": "EX4300-MP Series, EX4600Series, QFX5K Series",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R2-S4, 18.3R3-S3"
},
{
"platform": "EX4300-MP Series, EX4600Series, QFX5K Series",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2-S5, 18.4R3-S4"
},
{
"platform": "EX4300-MP Series, EX4600Series, QFX5K Series",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R2-S2, 19.1R3-S2"
},
{
"platform": "EX4300-MP Series, EX4600Series, QFX5K Series",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R2-S1, 19.2R3"
},
{
"platform": "EX4300-MP Series, EX4600Series, QFX5K Series",
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2-S4, 19.3R3"
},
{
"platform": "EX4300-MP Series, EX4600Series, QFX5K Series",
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R1-S3, 19.4R2-S1, 19.4R3"
},
{
"platform": "EX4300-MP Series, EX4600Series, QFX5K Series",
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R1-S3, 20.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The example of the config stanza affected by this issue:\n [protocols bgp ... family evpn]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in (Ethernet VPN) EVPN-(Virtual Extensible LAN) VXLAN configuration, receipt of a stream of specific VXLAN encapsulated layer 2 frames can cause high CPU load, which could lead to network protocol operation issue and traffic interruption.\n\nThis issue affects devices that are configured as a Layer 2 or Layer 3 gateway of an EVPN-VXLAN deployment.\n\nThe offending layer 2 frames that cause the issue originate from a different access switch that get encapsulated within the same EVPN-VXLAN domain.\nThis issue affects Juniper Networks Junos OS on EX4300-MP Series, EX4600 Series and QFX5K Series:\n17.3 versions prior to 17.3R3-S9;\n17.4 versions prior to 17.4R2-S11, 17.4R3-S2, 17.4R3-S3;\n18.1 versions prior to 18.1R3-S11;\n18.2 versions prior to 18.2R3-S5;\n18.3 versions prior to 18.3R2-S4, 18.3R3-S3;\n18.4 versions prior to 18.4R2-S5, 18.4R3-S4;\n19.1 versions prior to 19.1R2-S2, 19.1R3-S2;\n19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3;\n19.3 versions prior to 19.3R2-S4, 19.3R3;\n19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3;\n20.1 versions prior to 20.1R1-S3, 20.1R2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11084",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11084"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 17.3R3-S9, 17.4R2-S11, 17.4R3-S2, 17.4R3-S3, 18.1R3-S11, 18.2R3-S5, 18.3R2-S4, 18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R2-S2, 19.1R3-S2, 19.2R1-S5, 19.2R2-S1, 19.2R3, 19.3R2-S4, 19.3R3, 19.4R1-S3, 19.4R2-S1, 19.4R3, 20.1R1-S3, 20.1R2, 20.2R1 and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11084",
"defect": [
"1495890"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}

219
2020/1xxx/CVE-2020-1688.json Normal file
View File

@ -0,0 +1,219 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T15:00:00.000Z",
"ID": "CVE-2020-1688",
"STATE": "PUBLIC",
"TITLE": "Junos OS: SRX and NFX Series: Insufficient Web API private key protection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX Series, NFX Series",
"version_affected": "<",
"version_name": "12.3X48",
"version_value": "12.3X48-D105"
},
{
"platform": "SRX Series, NFX Series",
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D190"
},
{
"platform": "SRX Series, NFX Series",
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R7-S8"
},
{
"platform": "SRX Series, NFX Series",
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R3-S4"
},
{
"platform": "SRX Series, NFX Series",
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S8"
},
{
"platform": "SRX Series, NFX Series",
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S11, 17.4R3"
},
{
"platform": "SRX Series, NFX Series",
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S7"
},
{
"platform": "SRX Series, NFX Series",
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R3"
},
{
"platform": "SRX Series, NFX Series",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R2-S4, 18.3R3"
},
{
"platform": "SRX Series, NFX Series",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R1-S7, 18.4R2,"
},
{
"platform": "SRX Series, NFX Series",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R2"
},
{
"platform": "SRX Series, NFX Series",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S4, 19.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "This issue affects SRX Series and NFX Series configured with Web API.\nThe example of the config stanza affected by this issue: \n [system services webapi https]\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between the Juniper device and the authenticator services. Exploitation of this vulnerability may allow an attacker to decrypt the communications between the Juniper device and the authenticator service.\n\nThis Web API service is used for authentication services such as the Juniper Identity Management Service, used to obtain user identity for Integrated User Firewall feature, or the integrated ClearPass authentication and enforcement feature.\n\nThis issue affects Juniper Networks Junos OS on Networks SRX Series and NFX Series:\n12.3X48 versions prior to 12.3X48-D105;\n15.1X49 versions prior to 15.1X49-D190;\n16.1 versions prior to 16.1R7-S8;\n17.2 versions prior to 17.2R3-S4;\n17.3 versions prior to 17.3R3-S8;\n17.4 versions prior to 17.4R2-S11, 17.4R3;\n18.1 versions prior to 18.1R3-S7;\n18.2 versions prior to 18.2R3;\n18.3 versions prior to 18.3R2-S4, 18.3R3;\n18.4 versions prior to 18.4R1-S7, 18.4R2;\n19.1 versions prior to 19.1R2;\n19.2 versions prior to 19.2R1-S4, 19.2R2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-359 Exposure of Private Information ('Privacy Violation')"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-522 Insufficiently Protected Credentials"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-320 Key Management Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11085",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11085"
},
{
"name": "https://kb.juniper.net/InfoCenter/index?page=content&id=KB30911",
"refsource": "MISC",
"url": "https://kb.juniper.net/InfoCenter/index?page=content&id=KB30911"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-user-auth-configure-jims.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-user-auth-configure-jims.html"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-user-auth-intergrated-user-firewall-overview.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-user-auth-intergrated-user-firewall-overview.html"
},
{
"name": "https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/services-webapi-user-cli.html",
"refsource": "MISC",
"url": "https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/services-webapi-user-cli.html"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 12.3X48-D105, 15.1X49-D190, 16.1R7-S8, 17.2R3-S4, 17.3R3-S8, 17.4R2-S11, 17.4R3, 18.1R3-S7, 18.2R3, 18.3R2-S4, 18.3R3, 18.4R1-S7, 18.4R2, 18.4R3, 19.1R2, 19.2R1-S4, 19.2R2, 19.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11085",
"defect": [
"1289649"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Disallow unprivileged authenticated users access to Junos shell.\nLimit shell access to only trusted administrators. "
}
]
}

177
2020/1xxx/CVE-2020-1689.json Normal file
View File

@ -0,0 +1,177 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
"ID": "CVE-2020-1689",
"STATE": "PUBLIC",
"TITLE": "Junos OS: EX4300-MP/EX4600/QFX5K Series: High CPU load due to receipt of specific layer 2 frames when deployed in a Virtual Chassis configuration"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "EX4300-MP Series, EX4600Series, QFX5K Series",
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S9"
},
{
"platform": "EX4300-MP Series, EX4600Series, QFX5K Series",
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S11, 17.4R3-S2, 17.4R3-S3"
},
{
"platform": "EX4300-MP Series, EX4600Series, QFX5K Series",
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S11"
},
{
"platform": "EX4300-MP Series, EX4600Series, QFX5K Series",
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R3-S5"
},
{
"platform": "EX4300-MP Series, EX4600Series, QFX5K Series",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R2-S4, 18.3R3-S3"
},
{
"platform": "EX4300-MP Series, EX4600Series, QFX5K Series",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2-S5, 18.4R3-S4"
},
{
"platform": "EX4300-MP Series, EX4600Series, QFX5K Series",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R3-S2"
},
{
"platform": "EX4300-MP Series, EX4600Series, QFX5K Series",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R3"
},
{
"platform": "EX4300-MP Series, EX4600Series, QFX5K Series",
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2-S4, 19.3R3"
},
{
"platform": "EX4300-MP Series, EX4600Series, QFX5K Series",
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R1-S3, 19.4R2-S1, 19.4R3"
},
{
"platform": "EX4300-MP Series, EX4600Series, QFX5K Series",
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R1-S3, 20.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "To check if virtual chassis is configured, the administrator can run the following command:\n user@switch> show virtual-chassis status\n Virtual Chassis Mode: Enabled"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in a Virtual Chassis configuration, receipt of a stream of specific layer 2 frames can cause high CPU load, which could lead to traffic interruption.\n\nThis issue does not occur when the device is deployed in Stand Alone configuration.\n\nThe offending layer 2 frame packets can originate only from within the broadcast domain where the device is connected.\nThis issue affects Juniper Networks Junos OS on EX4300-MP Series, EX4600 Series and QFX5K Series:\n17.3 versions prior to 17.3R3-S9;\n17.4 versions prior to 17.4R2-S11, 17.4R3-S2, 17.4R3-S3;\n18.1 versions prior to 18.1R3-S11;\n18.2 versions prior to 18.2R3-S5;\n18.3 versions prior to 18.3R2-S4, 18.3R3-S3;\n18.4 versions prior to 18.4R2-S5, 18.4R3-S4;\n19.1 versions prior to 19.1R3-S2;\n19.2 versions prior to 19.2R1-S5, 19.2R3;\n19.3 versions prior to 19.3R2-S4, 19.3R3;\n19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3;\n20.1 versions prior to 20.1R1-S3, 20.1R2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11086",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11086"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 17.3R3-S9, 17.4R2-S11, 17.4R3-S2, 17.4R3-S3, 18.1R3-S11, 18.2R3-S5, 18.3R2-S4, 18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R3-S2, 19.2R1-S5, 19.2R3, 19.3R2-S4, 19.3R3, 19.4R1-S3, 19.4R2-S1, 19.4R3, 20.1R1-S3, 20.1R2, 20.2R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11086",
"defect": [
"1495890"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}