admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-12 02:05:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Updated CONFIRM references with Juniper JSA URLs. Also added CVE-2020-1633.

Browse Source
This commit is contained in:
Dave Dugal 2020-04-09 10:57:42 -04:00
parent 29587a6766
commit 7efdffd82d
No known key found for this signature in database
GPG Key ID: C5BBC32B0B71727A
11 changed files with 199 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
2020/1xxx/CVE-2020-1615.json
View File

@ -105,7 +105,7 @@
"description_data": [
{
"lang": "eng",
"value": "The factory configuration for vMX installations, as shipped, includes default credentials for the root account. Without proper modification of these default credentials by the administrator, an attacker could exploit these credentials and access the vMX instance without authorization. This issue affects Juniper Networks Junos OS: 17.1 versions prior to 17.1R2-S11, 17.1R3-S2 on vMX; 17.2 versions prior to 17.2R3-S3 on vMX; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7 on vMX; 17.4 versions prior to 17.4R2-S9, 17.4R3 on vMX; 18.1 versions prior to 18.1R3-S9 on vMX; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3 on vMX; 18.2X75 versions prior to 18.2X75-D420, 18.2X75-D60 on vMX; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1 on vMX; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3 on vMX; 19.1 versions prior to 19.1R1-S4, 19.1R2, 19.1R3 on vMX; 19.2 versions prior to 19.2R1-S3, 19.2R2 on vMX; 19.3 versions prior to 19.3R1-S1, 19.3R2 on vMX."
"value": "The factory configuration for vMX installations, as shipped, includes default credentials for the root account. Without proper modification of these default credentials by the administrator, an attacker could exploit these credentials and access the vMX instance without authorization.\n\nThis issue affects Juniper Networks Junos OS:\n17.1 versions prior to 17.1R2-S11, 17.1R3-S2 on vMX;\n17.2 versions prior to 17.2R3-S3 on vMX;\n17.3 versions prior to 17.3R2-S5, 17.3R3-S7 on vMX;\n17.4 versions prior to 17.4R2-S9, 17.4R3 on vMX;\n18.1 versions prior to 18.1R3-S9 on vMX;\n18.2 versions prior to 18.2R2-S7, 18.2R3-S3 on vMX;\n18.2X75 versions prior to 18.2X75-D420, 18.2X75-D60 on vMX;\n18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1 on vMX;\n18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3 on vMX;\n19.1 versions prior to 19.1R1-S4, 19.1R2, 19.1R3 on vMX;\n19.2 versions prior to 19.2R1-S3, 19.2R2 on vMX;\n19.3 versions prior to 19.3R1-S1, 19.3R2 on vMX."
}
]
},
@ -149,9 +149,9 @@
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://kb.juniper.net/",
"name": "https://kb.juniper.net/"
"name": "https://kb.juniper.net/JSA10998",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10998"
}
]
},

8
2020/1xxx/CVE-2020-1620.json
View File

@ -37,7 +37,7 @@
"description_data": [
{
"lang": "eng",
"value": "A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log. This issue affects all versions of Junos OS Evolved prior to 19.3R1."
"value": "A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log.\nThis issue affects all versions of Junos OS Evolved prior to 19.3R1."
}
]
},
@ -81,9 +81,9 @@
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://kb.juniper.net/",
"name": "https://kb.juniper.net/"
"name": "https://kb.juniper.net/JSA11003",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11003"
}
]
},

8
2020/1xxx/CVE-2020-1621.json
View File

@ -37,7 +37,7 @@
"description_data": [
{
"lang": "eng",
"value": "A local, authenticated user with shell can obtain the hashed values of login passwords via configd traces. This issue affects all versions of Junos OS Evolved prior to 19.3R1."
"value": "A local, authenticated user with shell can obtain the hashed values of login passwords via configd traces.\nThis issue affects all versions of Junos OS Evolved prior to 19.3R1."
}
]
},
@ -81,9 +81,9 @@
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://kb.juniper.net/",
"name": "https://kb.juniper.net/"
"name": "https://kb.juniper.net/JSA11003",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11003"
}
]
},

8
2020/1xxx/CVE-2020-1622.json
View File

@ -37,7 +37,7 @@
"description_data": [
{
"lang": "eng",
"value": "A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via the EvoSharedObjStore. This issue affects all versions of Junos OS Evolved prior to 19.1R1."
"value": "A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via the EvoSharedObjStore.\nThis issue affects all versions of Junos OS Evolved prior to 19.1R1.\n"
}
]
},
@ -81,9 +81,9 @@
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://kb.juniper.net/",
"name": "https://kb.juniper.net/"
"name": "https://kb.juniper.net/JSA11003",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11003"
}
]
},

8
2020/1xxx/CVE-2020-1623.json
View File

@ -37,7 +37,7 @@
"description_data": [
{
"lang": "eng",
"value": "A local, authenticated user with shell can view sensitive configuration information via the ev.ops configuration file. This issue affects all versions of Junos OS Evolved prior to 19.2R1."
"value": "A local, authenticated user with shell can view sensitive configuration information via the ev.ops configuration file.\nThis issue affects all versions of Junos OS Evolved prior to 19.2R1."
}
]
},
@ -81,9 +81,9 @@
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://kb.juniper.net/",
"name": "https://kb.juniper.net/"
"name": "https://kb.juniper.net/JSA11003",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11003"
}
]
},

8
2020/1xxx/CVE-2020-1624.json
View File

@ -37,7 +37,7 @@
"description_data": [
{
"lang": "eng",
"value": "A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files. This issue affects all versions of Junos OS Evolved prior to 19.1R1."
"value": "A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files.\nThis issue affects all versions of Junos OS Evolved prior to 19.1R1.\n"
}
]
},
@ -81,9 +81,9 @@
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://kb.juniper.net/",
"name": "https://kb.juniper.net/"
"name": "https://kb.juniper.net/JSA11003",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11003"
}
]
},

8
2020/1xxx/CVE-2020-1625.json
View File

@ -104,7 +104,7 @@
"description_data": [
{
"lang": "eng",
"value": "The kernel memory usage represented as \"temp\" via 'show system virtual-memory' may constantly increase when Integrated Routing and Bridging (IRB) is configured with multiple underlay physical interfaces, and one interface flaps. This memory leak can affect running daemons (processes), leading to an extended Denial of Service (DoS) condition. Usage of \"temp\" virtual memory, shown here by a constantly increasing value of outstanding Requests, can be monitored by executing the 'show system virtual-memory' command as shown below: user@junos> show system virtual-memory |match \"fpc|type|temp\" fpc0: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2023 431K - 10551 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 fpc1: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2020 431K - 6460 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 user@junos> show system virtual-memory |match \"fpc|type|temp\" fpc0: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2023 431K - 16101 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 fpc1: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2020 431K - 6665 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 user@junos> show system virtual-memory |match \"fpc|type|temp\" fpc0: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2023 431K - 21867 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 fpc1: -------------------------------------------------------------------------- Type InUse MemUse HighUse Requests Size(s) temp 2020 431K - 6858 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608 This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.2X75 versions prior to 17.2X75-D44; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S5, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R2-S5, 18.2R3; 18.2X75 versions prior to 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D60; 18.3 versions prior to 18.3R1-S5, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R2-S2, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2. This issue does not affect Juniper Networks Junos OS 12.3 and 15.1."
"value": "The kernel memory usage represented as \"temp\" via 'show system virtual-memory' may constantly increase when Integrated Routing and Bridging (IRB) is configured with multiple underlay physical interfaces, and one interface flaps. This memory leak can affect running daemons (processes), leading to an extended Denial of Service (DoS) condition.\n\nUsage of \"temp\" virtual memory, shown here by a constantly increasing value of outstanding Requests, can be monitored by executing the 'show system virtual-memory' command as shown below:\n\n user@junos> show system virtual-memory |match \"fpc|type|temp\" \n fpc0:\n --------------------------------------------------------------------------\n Type InUse MemUse HighUse Requests Size(s)\n temp 2023 431K - 10551 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608\n fpc1:\n --------------------------------------------------------------------------\n Type InUse MemUse HighUse Requests Size(s)\n temp 2020 431K - 6460 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608\n \n user@junos> show system virtual-memory |match \"fpc|type|temp\" \n fpc0:\n --------------------------------------------------------------------------\n Type InUse MemUse HighUse Requests Size(s)\n temp 2023 431K - 16101 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608\n fpc1:\n --------------------------------------------------------------------------\n Type InUse MemUse HighUse Requests Size(s)\n temp 2020 431K - 6665 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608\n \n user@junos> show system virtual-memory |match \"fpc|type|temp\" \n fpc0:\n --------------------------------------------------------------------------\n Type InUse MemUse HighUse Requests Size(s)\n temp 2023 431K - 21867 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608\n fpc1:\n --------------------------------------------------------------------------\n Type InUse MemUse HighUse Requests Size(s)\n temp 2020 431K - 6858 16,32,64,128,256,512,1024,2048,4096,65536,262144,1048576,2097152,4194304,8388608\n\nThis issue affects Juniper Networks Junos OS:\n16.1 versions prior to 16.1R7-S6;\n17.1 versions prior to 17.1R2-S11, 17.1R3-S1;\n17.2 versions prior to 17.2R2-S8, 17.2R3-S3;\n17.2X75 versions prior to 17.2X75-D44;\n17.3 versions prior to 17.3R2-S5, 17.3R3-S6;\n17.4 versions prior to 17.4R2-S5, 17.4R3;\n18.1 versions prior to 18.1R3-S7;\n18.2 versions prior to 18.2R2-S5, 18.2R3;\n18.2X75 versions prior to 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D60;\n18.3 versions prior to 18.3R1-S5, 18.3R2-S3, 18.3R3;\n18.4 versions prior to 18.4R2-S2, 18.4R3;\n19.1 versions prior to 19.1R1-S3, 19.1R2;\n19.2 versions prior to 19.2R1-S3, 19.2R2.\n\nThis issue does not affect Juniper Networks Junos OS 12.3 and 15.1."
}
]
},
@ -148,9 +148,9 @@
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://kb.juniper.net/",
"name": "https://kb.juniper.net/"
"name": "https://kb.juniper.net/JSA11004",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11004"
}
]
},

8
2020/1xxx/CVE-2020-1626.json
View File

@ -37,7 +37,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Juniper Networks Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a pfemand process crash. The pfemand process is responsible for packet forwarding on the device. By continuously sending the packet flood, an attacker can repeatedly crash the pfemand process causing a sustained Denial of Service. This issue can only be triggered by traffic sent to the device. Transit traffic does not cause this issue. This issue affects all version of Junos OS Evolved prior to 19.1R1-EVO."
"value": "A vulnerability in Juniper Networks Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a pfemand process crash. The pfemand process is responsible for packet forwarding on the device. By continuously sending the packet flood, an attacker can repeatedly crash the pfemand process causing a sustained Denial of Service. \n\nThis issue can only be triggered by traffic sent to the device. Transit traffic does not cause this issue.\n\nThis issue affects all version of Junos OS Evolved prior to 19.1R1-EVO."
}
]
},
@ -81,9 +81,9 @@
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://kb.juniper.net/",
"name": "https://kb.juniper.net/"
"name": "https://kb.juniper.net/JSA11005",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11005"
},
{
"name": "https://tools.ietf.org/html/rfc6192",

8
2020/1xxx/CVE-2020-1627.json
View File

@ -69,7 +69,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Juniper Networks Junos OS on vMX and MX150 devices may allow an attacker to cause a Denial of Service (DoS) by sending specific packets requiring special processing in microcode that the flow cache can't handle, causing the riot forwarding daemon to crash. By continuously sending the same specific packets, an attacker can repeatedly crash the riot process causing a sustained Denial of Service. Flow cache is specific to vMX based products and the MX150, and is enabled by default in performance mode. This issue can only be triggered by traffic destined to the device. Transit traffic will not cause the riot daemon to crash. When the issue occurs, a core dump and riot log file entry are generated. For example: /var/crash/core.J-UKERN.mpc0.1557255993.3864.gz /home/pfe/RIOT logs: fpc0 riot[1888]: PANIC in lu_reorder_send_packet_postproc(): fpc0 riot[6655]: PANIC in lu_reorder_send_packet_postproc(): This issue affects Juniper Networks Junos OS: 18.1 versions prior to 18.1R3 on vMX and MX150; 18.2 versions prior to 18.2R3 on vMX and MX150; 18.2X75 versions prior to 18.2X75-D60 on vMX and MX150; 18.3 versions prior to 18.3R3 on vMX and MX150; 18.4 versions prior to 18.4R2 on vMX and MX150; 19.1 versions prior to 19.1R2 on vMX and MX150. This issue does not affect Junos OS versions prior to 18.1R1."
"value": "A vulnerability in Juniper Networks Junos OS on vMX and MX150 devices may allow an attacker to cause a Denial of Service (DoS) by sending specific packets requiring special processing in microcode that the flow cache can't handle, causing the riot forwarding daemon to crash. By continuously sending the same specific packets, an attacker can repeatedly crash the riot process causing a sustained Denial of Service.\n\nFlow cache is specific to vMX based products and the MX150, and is enabled by default in performance mode.\n\nThis issue can only be triggered by traffic destined to the device. Transit traffic will not cause the riot daemon to crash.\n\nWhen the issue occurs, a core dump and riot log file entry are generated. For example:\n\n /var/crash/core.J-UKERN.mpc0.1557255993.3864.gz\n\n /home/pfe/RIOT logs:\n fpc0 riot[1888]: PANIC in lu_reorder_send_packet_postproc():\n fpc0 riot[6655]: PANIC in lu_reorder_send_packet_postproc():\n\nThis issue affects Juniper Networks Junos OS:\n18.1 versions prior to 18.1R3 on vMX and MX150;\n18.2 versions prior to 18.2R3 on vMX and MX150;\n18.2X75 versions prior to 18.2X75-D60 on vMX and MX150;\n18.3 versions prior to 18.3R3 on vMX and MX150;\n18.4 versions prior to 18.4R2 on vMX and MX150;\n19.1 versions prior to 19.1R2 on vMX and MX150.\nThis issue does not affect Junos OS versions prior to 18.1R1.\n"
}
]
},
@ -113,9 +113,9 @@
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://kb.juniper.net/",
"name": "https://kb.juniper.net/"
"name": "https://kb.juniper.net/JSA11006",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11006"
}
]
},

8
2020/1xxx/CVE-2020-1628.json
View File

@ -129,7 +129,7 @@
"description_data": [
{
"lang": "eng",
"value": "Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an EX4300 switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading to an information exposure vulnerability. This issue affects Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D53 on EX4300; 15.1 versions prior to 15.1R7-S6 on EX4300; 15.1X49 versions prior to 15.1X49-D200, 15.1X49-D210 on EX4300; 16.1 versions prior to 16.1R7-S7 on EX4300; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2 on EX4300; 17.2 versions prior to 17.2R3-S3 on EX4300; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7 on EX4300; 17.4 versions prior to 17.4R2-S9, 17.4R3 on EX4300; 18.1 versions prior to 18.1R3-S8 on EX4300; 18.2 versions prior to 18.2R3-S2 on EX4300; 18.3 versions prior to 18.3R2-S3, 18.3R3, 18.3R3-S1 on EX4300; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3 on EX4300; 19.1 versions prior to 19.1R1-S4, 19.1R2 on EX4300; 19.2 versions prior to 19.2R1-S4, 19.2R2 on EX4300; 19.3 versions prior to 19.3R1-S1, 19.3R2 on EX4300."
"value": "Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an EX4300 switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading to an information exposure vulnerability.\n\nThis issue affects Juniper Networks Junos OS:\n14.1X53 versions prior to 14.1X53-D53 on EX4300;\n15.1 versions prior to 15.1R7-S6 on EX4300;\n15.1X49 versions prior to 15.1X49-D200, 15.1X49-D210 on EX4300;\n16.1 versions prior to 16.1R7-S7 on EX4300;\n17.1 versions prior to 17.1R2-S11, 17.1R3-S2 on EX4300;\n17.2 versions prior to 17.2R3-S3 on EX4300;\n17.3 versions prior to 17.3R2-S5, 17.3R3-S7 on EX4300;\n17.4 versions prior to 17.4R2-S9, 17.4R3 on EX4300;\n18.1 versions prior to 18.1R3-S8 on EX4300;\n18.2 versions prior to 18.2R3-S2 on EX4300;\n18.3 versions prior to 18.3R2-S3, 18.3R3, 18.3R3-S1 on EX4300;\n18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3 on EX4300;\n19.1 versions prior to 19.1R1-S4, 19.1R2 on EX4300;\n19.2 versions prior to 19.2R1-S4, 19.2R2 on EX4300;\n19.3 versions prior to 19.3R1-S1, 19.3R2 on EX4300."
}
]
},
@ -173,9 +173,9 @@
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://kb.juniper.net/",
"name": "https://kb.juniper.net/"
"name": "https://kb.juniper.net/JSA11008",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11008"
}
]
},

159
2020/1xxx/CVE-2020-1633.json Normal file
View File

@ -0,0 +1,159 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-04-08T16:00:00.000Z",
"ID": "CVE-2020-1633",
"STATE": "PUBLIC",
"TITLE": "Junos OS: MX Series: Crafted packets traversing a Broadband Network Gateway (BNG) configured with IPv6 NDP proxy could lead to Denial of Service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S9, 17.4R3"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S9"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2-S7, 18.2R3-S3"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D60"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S7, 18.3R2-S3, 18.3R3"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R1-S5, 18.4R2-S2, 18.4R3"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R1-S4, 19.1R2"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S3, 19.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The proxy ARP/NDP feature is enabled by default for EVPNs. A sample EVPN configuration is shown below:\n\n [routing-instances <name> protocols evpn]\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos OS 17.4, crafted NDPv6 packets could transit a Junos device configured as a Broadband Network Gateway (BNG) and reach the EVPN leaf node, causing a stale MAC address entry. This could cause legitimate traffic to be discarded, leading to a Denial of Service (DoS) condition.\n\nThis issue only affects Junos OS 17.4 and later releases. Prior releases do not support this feature and are unaffected by this vulnerability.\n\nThis issue only affects IPv6. IPv4 ARP proxy is unaffected by this vulnerability.\nThis issue affects Juniper Networks Junos OS:\n17.4 versions prior to 17.4R2-S9, 17.4R3 on MX Series;\n18.1 versions prior to 18.1R3-S9 on MX Series;\n18.2 versions prior to 18.2R2-S7, 18.2R3-S3 on MX Series;\n18.2X75 versions prior to 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D60 on MX Series;\n18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3 on MX Series;\n18.4 versions prior to 18.4R1-S5, 18.4R2-S2, 18.4R3 on MX Series;\n19.1 versions prior to 19.1R1-S4, 19.1R2 on MX Series;\n19.2 versions prior to 19.2R1-S3, 19.2R2 on MX Series."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11012",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11012"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 17.4R2-S9, 17.4R3, 18.1R3-S9, 18.2R2-S7, 18.2R3-S3, 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D60, 18.3R1-S7, 18.3R2-S3, 18.3R3, 18.3R3-S1, 18.4R1-S5, 18.4R2-S2, 18.4R3, 19.1R1-S4, 19.1R2, 19.2R1-S3, 19.2R2, 19.3R1, 19.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11012",
"defect": [
"1451959"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "Configure 'no-arp-suppression' to disable Proxy ARP/NDP feature. For example:\n\n [routing-instances <name> protocols evpn]\n # set no-arp-suppression\n"
}
]
}