admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-10 02:04:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

juniper-2020-01-08 CVE publications, for more information see https://advisory.juniper.net

Browse Source
This commit is contained in:
Omar Gani 2020-01-14 17:56:27 +01:00
parent f265150396
commit e9710cc7f1
No known key found for this signature in database
GPG Key ID: ABCD916B751254A7
11 changed files with 2202 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

201
2020/1xxx/CVE-2020-1600.json Normal file
View File

@ -0,0 +1,201 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-01-08T17:00:00.000Z",
"ID": "CVE-2020-1600",
"STATE": "READY",
"TITLE": "Junos OS: A specific SNMP command can trigger a high CPU usage Denial of Service in the RPD daemon."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "12.3X48",
"version_value": "12.3X48-D90"
},
{
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D238, 15.1X53-D592"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R7-S5"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S11"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S11, 17.1R3-S1"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R3-S2"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S7"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S4, 17.4R3"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S5"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R3"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D50"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R2"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R2"
},
{
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1"
},
{
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D200"
},
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1R7-S6"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The following minimal configuration is required. The community \"public\" is minimal; other communities are impacted as well.\n\n [snmp community public]\n [logical-systems logical-system-name protocols mpls label-switched-path lsp-name]\n [protocols mpls label-switched-path]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of Service (DoS) condition.\n\nThis issue affects both SNMP over IPv4 and IPv6. \n\nThis issue affects:\nJuniper Networks Junos OS:\n12.3X48 versions prior to 12.3X48-D90;\n15.1 versions prior to 15.1R7-S6;\n15.1X49 versions prior to 15.1X49-D200;\n15.1X53 versions prior to 15.1X53-D238, 15.1X53-D592; \n16.1 versions prior to 16.1R7-S5;\n16.2 versions prior to 16.2R2-S11;\n17.1 versions prior to 17.1R3-S1;\n17.2 versions prior to 17.2R3-S2;\n17.3 versions prior to 17.3R3-S7;\n17.4 versions prior to 17.4R2-S4, 17.4R3;\n18.1 versions prior to 18.1R3-S5;\n18.2 versions prior to 18.2R3;\n18.2X75 versions prior to 18.2X75-D50;\n18.3 versions prior to 18.3R2;\n18.4 versions prior to 18.4R2;\n19.1 versions prior to 19.1R2.\n"
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1402185",
"refsource": "MISC",
"url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1402185"
},
{
"name": "https://kb.juniper.net/JSA10979",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10979"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 12.3X48-D90, 15.1X49-D200, 15.1R7-S6, 15.1X53-D238, 15.1X53-D592, 16.1R7-S5, 16.2R2-S11, 17.1R3-S1, 17.2R3-S2, 17.3R3-S7, 17.4R2-S4, 17.4R3, 18.1R3-S5, 18.2R3, 18.2X75-D50, 18.3R2, 18.4R2, 19.1R2, 19.2R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10979",
"defect": [
"1402185"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "If SNMP is not needed, remove SNMP from the system, otherwise, there are no available workarounds for this issue. SNMP is disabled by default.\n\nAdditional steps which may reduce the risk of exploitation include: \nUtilizing edge filtering with source-address validation (uRPF, etc.), access control lists (ACLs), and/or SNMPv3 authentication to limit access to the device only from trusted hosts."
}
]
}

200
2020/1xxx/CVE-2020-1601.json Normal file
View File

@ -0,0 +1,200 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-01-08T17:00:00.000Z",
"ID": "CVE-2020-1601",
"STATE": "READY",
"TITLE": "Junos OS: Upon receipt of certain types of malformed PCEP packets the pccd process may crash."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1F6-S13, 15.1R7-S4"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D180"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R7-S4"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S9"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S11, 17.1R3"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S9, 17.2R3-S2"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S3"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S2, 17.4R3"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S2"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R3"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D40"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.2R2-S6, 18.3R2"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R1-S2, 18.4R2"
},
{
"version_affected": ">=",
"version_name": "17.2",
"version_value": "17.2R2"
},
{
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D238, 15.1X53-D496, 15.1X53-D592"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The following minimal configuration is required: \n [protocols pcep pce pce-id destination-ipv4-address ipv4-address]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain types of malformed Path Computation Element Protocol (PCEP) packets when received and processed by a Juniper Networks Junos OS device serving as a Path Computation Client (PCC) in a PCEP environment using Juniper's path computational element protocol daemon (pccd) process allows an attacker to cause the pccd process to crash and generate a core file thereby causing a Denial of Service (DoS).\n\nContinued receipt of this family of malformed PCEP packets will cause an extended Denial of Service (DoS) condition.\nThis issue affects:\nJuniper Networks Junos OS:\n15.1 versions prior to 15.1F6-S13, 15.1R7-S4;\n15.1X49 versions prior to 15.1X49-D180 on SRX Series;\n15.1X53 versions prior to 15.1X53-D238, 15.1X53-D496, 15.1X53-D592; \n16.1 versions prior to 16.1R7-S4;\n16.2 versions prior to 16.2R2-S9;\n17.1 versions prior to 17.1R2-S11, 17.1R3;\n17.2 versions prior to 17.2R1-S9;\n17.2 version 17.2R2 and later prior to 17.2R3-S2;\n17.3 versions prior to 17.3R3-S3;\n17.4 versions prior to 17.4R2-S2, 17.4R3;\n18.1 versions prior to 18.1R3-S2;\n18.2 versions prior to 18.2R2-S6, 18.2R3;\n18.2X75 versions prior to 18.2X75-D40;\n18.3 versions prior to 18.3R2;\n18.4 versions prior to 18.4R1-S2, 18.4R2.\n\nThis issue does not affect releases of Junos OS prior to 15.1R1. \n"
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "253 - Incorrect Check of Function Return Value"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1395205",
"refsource": "MISC",
"url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1395205"
},
{
"name": "https://kb.juniper.net/JSA10980",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10980"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 15.1F6-S13, 15.1R7-S4, 15.1X49-D180, 15.1X53-D238, 15.1X53-D496, 15.1X53-D592, 16.1R7-S4, 16.2R2-S9, 17.1R2-S11, 17.1R3, 17.2R1-S9, 17.2R3-S2, 17.3R3-S3, 17.4R2-S2, 17.4R2-S4, 17.4R3, 18.1R3-S2, 18.2R2-S6, 18.2R3, 18.2X75-D40, 18.3R2, 18.4R1-S2, 18.4R2, 19.1R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10980",
"defect": [
"1395205"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue."
}
]
}

235
2020/1xxx/CVE-2020-1602.json Normal file
View File

@ -0,0 +1,235 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-01-08T17:00:00.000Z",
"ID": "CVE-2020-1602",
"STATE": "READY",
"TITLE": "Junos OS and Junos OS Evolved: A vulnerability in JDHCPD allows an attacker to send crafted IPv4 packets may take over the code execution of the JDHCPD process."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1R7-S6"
},
{
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D200"
},
{
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D592"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R7-S6"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S11"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S11, 17.1R3-S1"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R2-S8, 17.2R3-S3"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S6"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S7, 17.4R3"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S8"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R3-S2"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S6, 18.3R2-S2, 18.3R3"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R1-S5, 18.4R2-S3, 18.4R3"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R1-S3, 19.1R2"
},
{
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S3, 19.2R2"
},
{
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R1, 19.3R2"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D60"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"platform": "Junos Evolved",
"version_affected": "<",
"version_value": "19.3R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The following minimal configuration is required: \n [forwarding-options dhcp-relay]"
}
],
"credit": [
{
"lang": "eng",
"value": "Longfei Fan from Codesafe Team of Legendsec at Qi'anxin Group"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may remotely take over the code execution of the JDHDCP process. \n\nThis issue affect IPv4 JDHCPD services. \n\nThis issue affects:\nJuniper Networks Junos OS:\n15.1 versions prior to 15.1R7-S6;\n15.1X49 versions prior to 15.1X49-D200;\n15.1X53 versions prior to 15.1X53-D592;\n16.1 versions prior to 16.1R7-S6;\n16.2 versions prior to 16.2R2-S11;\n17.1 versions prior to 17.1R2-S11, 17.1R3-S1;\n17.2 versions prior to 17.2R2-S8, 17.2R3-S3;\n17.3 versions prior to 17.3R3-S6;\n17.4 versions prior to 17.4R2-S7, 17.4R3;\n18.1 versions prior to 18.1R3-S8;\n18.2 versions prior to 18.2R3-S2;\n18.2X75 versions prior to 18.2X75-D60;\n18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3;\n18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3;\n19.1 versions prior to 19.1R1-S3, 19.1R2;\n19.2 versions prior to 19.2R1-S3, 19.2R2*.\n \nand\n\nAll versions prior to 19.3R1 on Junos OS Evolved.\n\nThis issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode.\n"
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Code Execution of Process"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-416 Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10981",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10981"
},
{
"name": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449353",
"refsource": "MISC",
"url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449353"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 15.1R7-S6, 15.1X49-D200, 15.1X53-D592, 16.1R7-S6, 16.2R2-S11, 17.1R2-S11, 17.1R3-S1, 17.2R2-S8, 17.2R3-S3, 17.3R3-S6, 17.4R2-S7, 17.4R3, 18.1R3-S8, 18.2R3-S2, 18.2X75-D60, 18.3R1-S6, 18.3R2-S2, 18.3R3, 18.4R1-S5, 18.4R2-S3, 18.4R3, 19.1R1-S3, 19.1R2, 19.2R1-S3, 19.2R2*, 19.3R1, and all subsequent releases.\n\nJunos OS Evolved: 19.3R1, and all subsequent releases.\n\n*pending publication"
}
],
"source": {
"advisory": "JSA10981",
"defect": [
"1449353"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "If JDHCPD is not needed then disable the service in the device configuration. \nThere are no other viable workarounds for this issue."
}
]
}

194
2020/1xxx/CVE-2020-1603.json Normal file
View File

@ -0,0 +1,194 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-01-08T17:00:00.000Z",
"ID": "CVE-2020-1603",
"STATE": "READY",
"TITLE": "Junos OS: Improper handling of specific IPv6 packets sent by clients eventually kernel crash (vmcore) the device."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R7-S6"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S11"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S11, 17.1R3-S1"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S9, 17.2R2-S8, 17.2R3-S3"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S6"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S9, 17.4R3"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S7"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R3-S2"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D50, 18.2X75-D410"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S6, 18.3R2-S2, 18.3R3"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R1-S6, 18.4R2-S2, 18.4R3"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R1-S3, 19.1R2"
},
{
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S2, 19.2R2"
},
{
"version_affected": ">=",
"version_name": "16.1",
"version_value": "16.1X70-D10"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "This issue may occur when an interface is configured with IPv6.\nFor example: \n [interfaces fe-1/2/0 unit 1 family inet6 address 2001:db8:0:1::/64] "
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Specific IPv6 packets sent by clients processed by the Routing Engine (RE) are improperly handled. These IPv6 packets are designed to be blocked by the RE from egressing the RE. Instead, the RE allows these specific IPv6 packets to egress the RE, at which point a mbuf memory leak occurs within the Juniper Networks Junos OS device. This memory leak eventually leads to a kernel crash (vmcore), or the device hanging and requiring a power cycle to restore service, creating a Denial of Service (DoS) condition. \n\nDuring the time where mbufs are rising, yet not fully filled, some traffic from client devices may begin to be black holed. To be black holed, this traffic must match the condition where this traffic must be processed by the RE. \nContinued receipt and attempted egress of these specific IPv6 packets from the Routing Engine (RE) will create an extended Denial of Service (DoS) condition. \n\nScenarios which have been observed are: \n1. In a single chassis, single RE scenario, the device will hang without vmcore, or a vmcore may occur and then hang. In this scenario the device needs to be power cycled.\n2. In a single chassis, dual RE scenario, the device master RE will fail over to the backup RE. In this scenario, the master and the backup REs need to be reset from time to time when they vmcore. There is no need to power cycle the device.\n3. In a dual chassis, single RE scenario, the device will hang without vmcore, or a vmcore may occur and then hang. In this scenario, the two chassis' design relies upon some type of network level redundancy - VRRP, GRES, NSR, etc. - \n3.a In a commanded switchover, where nonstop active routing (NSR) is enabled no session loss is observed.\n4. In a dual chassis, dual chassis scenario, rely upon the RE to RE failover as stated in the second scenario. In the unlikely event that the device does not switch RE to RE gracefully, then the fallback position is to the network level services scenario in the third scenario.\n\n \n \n\n\n\n\n\nThis issue affects:\nJuniper Networks Junos OS\n16.1 versions prior to 16.1R7-S6;\n16.1 version 16.1X70-D10 and later; \n16.2 versions prior to 16.2R2-S11;\n17.1 versions prior to 17.1R2-S11, 17.1R3-S1;\n17.2 versions prior to 17.2R1-S9, 17.2R2-S8, 17.2R3-S3;\n17.3 versions prior to 17.3R3-S6;\n17.4 versions prior to 17.4R2-S9, 17.4R3;\n18.1 versions prior to 18.1R3-S7;\n18.2 versions prior to 18.2R3-S2;\n18.2X75 versions prior to 18.2X75-D50, 18.2X75-D410;\n18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3;\n18.4 versions prior to 18.4R1-S6, 18.4R2-S2, 18.4R3;\n19.1 versions prior to 19.1R1-S3, 19.1R2;\n19.2 versions prior to 19.2R1-S2, 19.2R2.\n\nThis issue does not affect releases prior to Junos OS 16.1R1.\n"
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-710 Improper Adherence to Coding Standards"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10982",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10982"
},
{
"name": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1443576",
"refsource": "MISC",
"url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1443576"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 16.1R7-S6, 16.2R2-S11, 17.1R2-S11, 17.1R3-S1, 17.2R1-S9, 17.2R2-S8, 17.2R3-S3, 17.3R3-S6, 17.4R2-S9, 17.4R3, 18.1R3-S7, 18.2R3-S2, 18.2X75-D50, 18.2X75-D410, 18.3R1-S6, 18.3R2-S2, 18.3R3, 18.4R1-S6, 18.4R2-S2, 18.4R3, 19.1R1-S3, 19.1R2, 19.2R1-S2, 19.2R2, 19.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10982",
"defect": [
"1443576"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "Remove 'family inet6' from interfaces. Otherwise, there are no available workarounds for this issue.\n\nIndicators of compromise can be found by reviewing RE logs for entries which match in \" \" :\n\"/kernel: Mbuf: High Utililization Level\"\n\nAdditionally, you may issue the follow command from time to time to determine if your mbufs are climbing or are being released by reviewing across two separate times.\n\nThe required privilege level to run the command is: view.\nshow system buffers"
}
]
}

180
2020/1xxx/CVE-2020-1604.json Normal file
View File

@ -0,0 +1,180 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-01-08T17:00:00.000Z",
"ID": "CVE-2020-1604",
"STATE": "READY",
"TITLE": "Junos OS: EX4300/EX4600/QFX3500/QFX5100 Series: Stateless IP firewall filter may fail to evaluate certain packets"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "QFX5100 Series and EX4600 Series",
"version_affected": "<",
"version_name": "14.1X53",
"version_value": "14.1X53-D12"
},
{
"platform": "QFX3500 Series",
"version_affected": "<",
"version_name": "14.1X53",
"version_value": "14.1X53-D52"
},
{
"platform": "EX4300 Series",
"version_affected": "<",
"version_name": "14.1X53",
"version_value": "14.1X53-D48"
},
{
"platform": "EX4300 Series",
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1R7-S3"
},
{
"platform": "EX4300 Series",
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R7"
},
{
"platform": "EX4300 Series",
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R3"
},
{
"platform": "EX4300 Series",
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R3"
},
{
"platform": "EX4300 Series",
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R2-S5, 17.3R3"
},
{
"platform": "EX4300 Series",
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2"
},
{
"platform": "EX4300 Series",
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3"
},
{
"platform": "EX4300 Series",
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "This issue affects Junos OS device with stateless IPv4 or IPv6 firewall filter configured:\n [firewall family inet filter]\n [firewall family inet6 filter]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the IP firewall filter component may cause the firewall filter evaluation of certain packets to fail.\n\nThis issue only affects firewall filter evaluation of certain packets destined to the device Routing Engine (RE).\nThis issue does not affect the Layer 2 firewall filter evaluation nor does it affect the Layer 3 firewall filter evaluation destined to connected hosts.\n\nThis issue may occur when evaluating both IPv4 or IPv6 packets.\nThis issue affects Juniper Networks Junos OS:\n14.1X53 versions prior to 14.1X53-D12 on QFX5100 Series and EX4600 Series;\n14.1X53 versions prior to 14.1X53-D52 on QFX3500 Series;\n14.1X53 versions prior to 14.1X53-D48 on EX4300 Series;\n15.1 versions prior to 15.1R7-S3 on EX4300 Series;\n16.1 versions prior to 16.1R7 on EX4300 Series;\n17.1 versions prior to 17.1R3 on EX4300 Series;\n17.2 versions prior to 17.2R3 on EX4300 Series;\n17.3 versions prior to 17.3R2-S5, 17.3R3 on EX4300 Series;\n17.4 versions prior to 17.4R2 on EX4300 Series;\n18.1 versions prior to 18.1R3 on EX4300 Series;\n18.2 versions prior to 18.2R2 on EX4300 Series."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10983",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10983"
}
]
},
"solution": [
{
"lang": "eng",
"value": "For QFX5100 Series and EX4600 Series:\nThe following software releases have been updated to resolve this specific issue: 14.1X53-D12 and all subsequent releases.\n\nFor QFX3500 Series:\nThe following software releases have been updated to resolve this specific issue: 14.1X53-D52 and all subsequent releases.\n\nFor EX4300 Series: \nThe following software releases have been updated to resolve this specific issue: 14.1X53-D48, 15.1R7-S3, 16.1R7, 17.1R3, 17.2R3, 17.3R2-S5, 17.3R3, 17.4R2, 18.1R3, 18.2R2, 18.3R1 and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10983",
"defect": [
"1026708",
"1458027",
"1343402",
"1377189"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue.\n\n"
}
]
}

227
2020/1xxx/CVE-2020-1605.json Normal file
View File

@ -0,0 +1,227 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-01-08T17:00:00.000Z",
"ID": "CVE-2020-1605",
"STATE": "READY",
"TITLE": "Junos OS and Junos OS Evolved: A vulnerability in JDHCPD allows an attacker to send crafted IPv4 packets and arbitrarily execute commands on the target device."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1R7-S6"
},
{
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D200"
},
{
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D592"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R7-S6"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S11"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S11, 17.1R3-S1"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R2-S8, 17.2R3-S3"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S6"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S7, 17.4R3"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S8"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R3-S2"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S6, 18.3R2-S2, 18.3R3"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R1-S5, 18.4R2-S3, 18.4R3"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R1-S3, 19.1R2"
},
{
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S3, 19.2R2"
},
{
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R1, 19.3R2"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D60"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"platform": "Junos Evolved",
"version_affected": "<",
"version_value": "19.3R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The following minimal configuration is required: \n [forwarding-options dhcp-relay]"
}
],
"credit": [
{
"lang": "eng",
"value": "Longfei Fan from Codesafe Team of Legendsec at Qi'anxin Group"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may then arbitrarily execute commands as root on the target device.\n\nThis issue affects IPv4 JDHCPD services. \n\nThis issue affects:\nJuniper Networks Junos OS:\n15.1 versions prior to 15.1R7-S6;\n15.1X49 versions prior to 15.1X49-D200;\n15.1X53 versions prior to 15.1X53-D592;\n16.1 versions prior to 16.1R7-S6;\n16.2 versions prior to 16.2R2-S11;\n17.1 versions prior to 17.1R2-S11, 17.1R3-S1;\n17.2 versions prior to 17.2R2-S8, 17.2R3-S3;\n17.3 versions prior to 17.3R3-S6;\n17.4 versions prior to 17.4R2-S7, 17.4R3;\n18.1 versions prior to 18.1R3-S8;\n18.2 versions prior to 18.2R3-S2;\n18.2X75 versions prior to 18.2X75-D60;\n18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3;\n18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3;\n19.1 versions prior to 19.1R1-S3, 19.1R2;\n19.2 versions prior to 19.2R1-S3, 19.2R2*.\n \nand\n\nAll versions prior to 19.3R1 on Junos OS Evolved.\n\nThis issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode.\n"
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10981",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10981"
},
{
"name": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449353",
"refsource": "MISC",
"url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449353"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 15.1R7-S6, 15.1X49-D200, 15.1X53-D592, 16.1R7-S6, 16.2R2-S11, 17.1R2-S11, 17.1R3-S1, 17.2R2-S8, 17.2R3-S3, 17.3R3-S6, 17.4R2-S7, 17.4R3, 18.1R3-S8, 18.2R3-S2, 18.2X75-D60, 18.3R1-S6, 18.3R2-S2, 18.3R3, 18.4R1-S5, 18.4R2-S3, 18.4R3, 19.1R1-S3, 19.1R2, 19.2R1-S3, 19.2R2*, 19.3R1, and all subsequent releases.\n\nJunos OS Evolved: 19.3R1, and all subsequent releases.\n\n*pending publication"
}
],
"source": {
"advisory": "JSA10981",
"defect": [
"1449353"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "If JDHCPD is not needed then disable the service in the device configuration. \nThere are no other viable workarounds for this issue."
}
]
}

216
2020/1xxx/CVE-2020-1606.json Normal file
View File

@ -0,0 +1,216 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-01-08T17:00:00.000Z",
"ID": "CVE-2020-1606",
"STATE": "READY",
"TITLE": "Junos OS: Path traversal vulnerability in J-Web"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "12.3",
"version_value": "12.3R12-S13"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "12.3X48",
"version_value": "12.3X48-D85"
},
{
"version_affected": "<",
"version_name": "14.1X53",
"version_value": "14.1X53-D51"
},
{
"version_affected": "<",
"version_name": "15.1F6",
"version_value": "15.1F6-S13"
},
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1R7-S5"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D180"
},
{
"platform": "QFX5200/QFX5110 Series",
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D238"
},
{
"platform": "EX2300/EX3400 Series",
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D592"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R4-S13, 16.1R7-S5"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S10"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R3-S1"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S9, 17.2R3-S2"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R2-S5, 17.3R3-S5"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S9, 17.4R3"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S8"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R3"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R2-S3, 18.3R3"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R1-S4, 19.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "This issue requires J-Web to be enabled on the device.\n\nThe examples of the config stanza affected by this issue:\n [system services web-management http]\n [system services web-management https]"
}
],
"credit": [
{
"lang": "eng",
"value": "Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission.\nThis issue does not affect system files that can be accessed only by root user.\n\nThis issue affects Juniper Networks Junos OS:\n12.3 versions prior to 12.3R12-S13;\n12.3X48 versions prior to 12.3X48-D85 on SRX Series;\n14.1X53 versions prior to 14.1X53-D51;\n15.1F6 versions prior to 15.1F6-S13;\n15.1 versions prior to 15.1R7-S5;\n15.1X49 versions prior to 15.1X49-D180 on SRX Series;\n15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110 Series;\n16.1 versions prior to 16.1R4-S13, 16.1R7-S5;\n16.2 versions prior to 16.2R2-S10;\n17.1 versions prior to 17.1R3-S1;\n17.2 versions prior to 17.2R1-S9, 17.2R3-S2;\n17.3 versions prior to 17.3R2-S5, 17.3R3-S5;\n17.4 versions prior to 17.4R2-S9, 17.4R3;\n18.1 versions prior to 18.1R3-S8;\n18.2 versions prior to 18.2R3;\n18.3 versions prior to 18.3R2-S3, 18.3R3;\n18.4 versions prior to 18.4R2;\n19.1 versions prior to 19.1R1-S4, 19.1R2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10985",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10985"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S13, 12.3X48-D85, 14.1X53-D51, 15.1F6-S13, 15.1R7-S5, 15.1X49-D180, 15.1X53-D238, 16.1R4-S13, 16.1R7-S5, 16.2R2-S10, 17.1R3-S1, 17.2R1-S9, 17.2R3-S2, 17.3R2-S5, 17.3R3-S5, 17.4R2-S9, 17.4R3, 18.1R3-S8, 18.2R3, 18.3R2-S3, 18.3R3, 18.4R2, 19.1R1-S4, 19.1R2, 19.2R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10985",
"defect": [
"1431298"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Limit access to the J-Web interface to only trusted users to reduce risks of exploitation of this vulnerability."
}
]
}

216
2020/1xxx/CVE-2020-1607.json Normal file
View File

@ -0,0 +1,216 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-01-08T17:00:00.000Z",
"ID": "CVE-2020-1607",
"STATE": "READY",
"TITLE": "Junos OS: Cross-Site Scripting (XSS) in J-Web"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "12.3",
"version_value": "12.3R12-S15"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "12.3X48",
"version_value": "12.3X48-D86, 12.3X48-D90"
},
{
"platform": "EX and QFX Series",
"version_affected": "<",
"version_name": "14.1X53",
"version_value": "14.1X53-D51"
},
{
"version_affected": "<",
"version_name": "15.1F6",
"version_value": "15.1F6-S13"
},
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1R7-S5"
},
{
"platform": "SRX Series",
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D181, 15.1X49-D190"
},
{
"platform": "QFX5200/QFX5110 Series",
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D238"
},
{
"platform": "EX2300/EX3400 Series",
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D592"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R4-S13, 16.1R7-S5"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S10"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S11, 17.1R3-S1"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S9, 17.2R3-S2"
},
{
"version_affected": "=",
"version_name": "17.2",
"version_value": "17.2R2"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R2-S5, 17.3R3-S5"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S6, 17.4R3"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S7"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2-S5, 18.2R3"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S6, 18.3R2-S1, 18.3R3"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R1-S5, 18.4R2"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R1-S2, 19.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "This issue requires J-Web to be enabled on the device.\n\nThe examples of the config stanza affected by this issue:\n system services web-management http\n system services web-management https"
}
],
"credit": [
{
"lang": "eng",
"value": "Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user. \n\n\nThis issue affects Juniper Networks Junos OS\n12.3 versions prior to 12.3R12-S15;\n12.3X48 versions prior to 12.3X48-D86, 12.3X48-D90 on SRX Series;\n14.1X53 versions prior to 14.1X53-D51 on EX and QFX Series;\n15.1F6 versions prior to 15.1F6-S13;\n15.1 versions prior to 15.1R7-S5;\n15.1X49 versions prior to 15.1X49-D181, 15.1X49-D190 on SRX Series;\n15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110 Series;\n15.1X53 versions prior to 15.1X53-D592 on EX2300/EX3400 Series;\n16.1 versions prior to 16.1R4-S13, 16.1R7-S5;\n16.2 versions prior to 16.2R2-S10;\n17.1 versions prior to 17.1R2-S11, 17.1R3-S1;\n17.2 versions prior to 17.2R1-S9, 17.2R3-S2;\n17.3 versions prior to 17.3R2-S5, 17.3R3-S5;\n17.4 versions prior to 17.4R2-S6, 17.4R3;\n18.1 versions prior to 18.1R3-S7;\n18.2 versions prior to 18.2R2-S5, 18.2R3;\n18.3 versions prior to 18.3R1-S6, 18.3R2-S1, 18.3R3;\n18.4 versions prior to 18.4R1-S5, 18.4R2;\n19.1 versions prior to 19.1R1-S2, 19.1R2."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10986",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10986"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S15, 12.3X48-D86, 12.3X48-D90, 14.1X53-D51, 15.1F6-S13,15.1R7-S5, 15.1X49-D181, 15.1X49-D190, 15.1X53-D238, 15.1X53-D592, 16.1R4-S13, 16.1R7-S5, 16.2R2-S10,17.1R2-S11, 17.1R3-S1, 17.2R1-S9, 17.2R3-S2, 17.3R2-S5, 17.3R3-S5, 17.4R2-S6, 17.4R3, 18.1R3-S7,18.2R2-S5, 18.2R3, 18.3R1-S6, 18.3R2-S1, 18.3R3, 18.4R1-S5, 18.4R2, 19.1R1-S2, 19.1R2, 19.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10986",
"defect": [
"1434553"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Access the J-Web service from trusted hosts which may not be compromised by cross-site scripting attacks, for example, deploying jump hosts with no internet access. \nAlternatively, disable J-Web. \n"
}
]
}

200
2020/1xxx/CVE-2020-1608.json Normal file
View File

@ -0,0 +1,200 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-01-08T17:00:00.000Z",
"ID": "CVE-2020-1608",
"STATE": "READY",
"TITLE": "Junos OS: MX Series: In BBE configurations, receipt of a specific MPLS or IPv6 packet causes a Denial of Service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "MX Series",
"version_affected": ">=",
"version_name": "17.2",
"version_value": "17.2R2-S6, 17.2R3 "
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R3-S3"
},
{
"platform": "MX Series",
"version_affected": ">=",
"version_name": "17.3",
"version_value": "17.3R2-S4, 17.3R3-S2"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R2-S5, 17.3R3-S5"
},
{
"platform": "MX Series",
"version_affected": ">=",
"version_name": "17.4",
"version_value": "17.4R2"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S7,17.4R3"
},
{
"platform": "MX Series",
"version_affected": ">=",
"version_name": "18.1",
"version_value": "18.1R2-S3, 18.1R3"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S6"
},
{
"platform": "MX Series",
"version_affected": ">=",
"version_name": "18.2",
"version_value": "18.2R1-S1, 18.2R2"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R3-S2 "
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D51, 18.2X75-D60"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R3"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R1-S3, 19.1R2"
},
{
"platform": "MX Series",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S2, 19.2R2"
},
{
"platform": "MX Series",
"version_affected": "!<",
"version_value": "17.2R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Receipt of a specific MPLS or IPv6 packet on the core facing interface of an MX Series device configured for Broadband Edge (BBE) service may trigger a kernel crash (vmcore), causing the device to reboot.\n\nThe issue is specific to the processing of packets destined to BBE clients connected to MX Series subscriber management platforms.\n\n\nThis issue affects MX Series running Juniper Networks Junos OS:\n17.2 versions starting from17.2R2-S6, 17.2R3 and later releases, prior to 17.2R3-S3;\n17.3 versions starting from 17.3R2-S4, 17.3R3-S2 and later releases, prior to 17.3R2-S5, 17.3R3-S5;\n17.4 versions starting from 17.4R2 and later releases, prior to 17.4R2-S7,17.4R3;\n18.1 versions starting from 18.1R2-S3, 18.1R3 and later releases, prior to 18.1R3-S6;\n18.2 versions starting from18.2R1-S1, 18.2R2 and later releases, prior to 18.2R3-S2;\n18.2X75 versions prior to 18.2X75-D51, 18.2X75-D60;\n18.3 versions prior to 18.3R3;\n18.4 versions prior to 18.4R2;\n19.1 versions prior to 19.1R1-S3, 19.1R2;\n19.2 versions prior to 19.2R1-S2, 19.2R2.\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 17.2R2-S6."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10987",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10987"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 17.2R3-S3, 17.3R2-S5, 17.3R3-S5, 17.4R2-S7, 17.4R3, 18.1R3-S6, 18.2R3-S2, 18.2X75-D51, 18.2X75-D60, 18.3R3, 18.4R2, 19.1R1-S3, 19.1R2, 19.2R1-S2, 19.2R2, 19.3R1, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA10987",
"defect": [
"1432957"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue."
}
]
}

227
2020/1xxx/CVE-2020-1609.json Normal file
View File

@ -0,0 +1,227 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-01-08T17:00:00.000Z",
"ID": "CVE-2020-1609",
"STATE": "READY",
"TITLE": "Junos OS and Junos OS Evolved: A vulnerability in JDHCPD allows an attacker to send crafted IPv6 packets and arbitrarily execute commands on the target device."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1R7-S6"
},
{
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D200"
},
{
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D592"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R7-S6"
},
{
"version_affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S11"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S11, 17.1R3-S1"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R2-S8, 17.2R3-S3"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S6"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S7, 17.4R3"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S8"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R3-S2"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S6, 18.3R2-S2, 18.3R3"
},
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R1-S5, 18.4R2-S3, 18.4R3"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R1-S3, 19.1R2"
},
{
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S3, 19.2R2"
},
{
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R1, 19.3R2"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D60"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"platform": "Junos Evolved",
"version_affected": "<",
"version_value": "19.3R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The following minimal configuration is required: \n [forwarding-options dhcp-relay]"
}
],
"credit": [
{
"lang": "eng",
"value": "Longfei Fan from Codesafe Team of Legendsec at Qi'anxin Group"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv6 packets who may then arbitrarily execute commands as root on the target device.\n\nThis issue affects IPv6 JDHCPD services. \n\nThis issue affects:\nJuniper Networks Junos OS:\n15.1 versions prior to 15.1R7-S6;\n15.1X49 versions prior to 15.1X49-D200;\n15.1X53 versions prior to 15.1X53-D592;\n16.1 versions prior to 16.1R7-S6;\n16.2 versions prior to 16.2R2-S11;\n17.1 versions prior to 17.1R2-S11, 17.1R3-S1;\n17.2 versions prior to 17.2R2-S8, 17.2R3-S3;\n17.3 versions prior to 17.3R3-S6;\n17.4 versions prior to 17.4R2-S7, 17.4R3;\n18.1 versions prior to 18.1R3-S8;\n18.2 versions prior to 18.2R3-S2;\n18.2X75 versions prior to 18.2X75-D60;\n18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3;\n18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3;\n19.1 versions prior to 19.1R1-S3, 19.1R2;\n19.2 versions prior to 19.2R1-S3, 19.2R2*.\n \nand\n\nAll versions prior to 19.3R1 on Junos OS Evolved.\n\nThis issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode.\n"
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10981",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10981"
},
{
"name": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449353",
"refsource": "MISC",
"url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449353"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 15.1R7-S6, 15.1X49-D200, 15.1X53-D592, 16.1R7-S6, 16.2R2-S11, 17.1R2-S11, 17.1R3-S1, 17.2R2-S8, 17.2R3-S3, 17.3R3-S6, 17.4R2-S7, 17.4R3, 18.1R3-S8, 18.2R3-S2, 18.2X75-D60, 18.3R1-S6, 18.3R2-S2, 18.3R3, 18.4R1-S5, 18.4R2-S3, 18.4R3, 19.1R1-S3, 19.1R2, 19.2R1-S3, 19.2R2*, 19.3R1, and all subsequent releases.\n\nJunos OS Evolved: 19.3R1, and all subsequent releases.\n\n*pending publication"
}
],
"source": {
"advisory": "JSA10981",
"defect": [
"1449353"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "If JDHCPD is not needed then disable the service in the device configuration. \nThere are no other viable workarounds for this issue."
}
]
}

106
2020/1xxx/CVE-2020-1611.json Normal file
View File

@ -0,0 +1,106 @@
{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-01-08T17:00:00.000Z",
"ID": "CVE-2020-1611",
"STATE": "READY",
"TITLE": "Junos Space: Malicious HTTP packets sent to Junos Space allow an attacker to view all files on the device."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos Space",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "19.4R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets.\nThis issue affects:\nJuniper Networks Junos Space\nversions prior to 19.4R1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local file inclusion"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10993"
},
{
"refsource": "MISC",
"url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449224"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 19.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA10993",
"defect": [
"1449224"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation of these issues, use access lists or firewall filters to limit access to Junos Space to only trusted administrative networks, hosts and users."
}
]
}