admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2020/1xxx/CVE-2020-1643.json
CVE Team 704b2f564a
"-Synchronized-Data."
2020-07-17 19:01:36 +00:00

181 lines
9.2 KiB
JSON
Raw Blame History

{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-07-08T16:00:00.000Z",
"ID": "CVE-2020-1643",
"STATE": "PUBLIC",
"TITLE": "Junos OS: EX Series: RPD crash when executing specific \"show ospf interface\" commands from the CLI with OSPF authentication configured"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "12.3X48",
"version_value": "12.3X48-D100"
},
{
"version_affected": "<",
"version_name": "14.1X53",
"version_value": "14.1X53-D140, 14.1X53-D54"
},
{
"version_affected": "<",
"version_name": "15.1",
"version_value": "15.1R7-S7"
},
{
"version_affected": "<",
"version_name": "15.1X49",
"version_value": "15.1X49-D210"
},
{
"version_affected": "<",
"version_name": "15.1X53",
"version_value": "15.1X53-D593"
},
{
"version_affected": "<",
"version_name": "16.1",
"version_value": "16.1R7-S8"
},
{
"version_affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S12"
},
{
"version_affected": "<",
"version_name": "17.2",
"version_value": "17.2R3-S4"
},
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S8"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R2-S2, 17.4R3"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S2"
},
{
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2, 18.2R3"
},
{
"version_affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D40"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S2, 18.3R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "An example of a vulnerable configuration with OSPF authentication enabled is shown below:\n\n area 0.0.0.0 {\n interface ae0.0 {\n authentication {\n md5 0 key \"$9$XyZzYxYzZyXyZzYxYzZy\"; ## SECRET-DATA\n }\n }\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Execution of the \"show ospf interface extensive\" or \"show ospf interface detail\" CLI commands on a Juniper Networks device running Junos OS may cause the routing protocols process (RPD) to crash and restart if OSPF interface authentication is configured, leading to a Denial of Service (DoS). By continuously executing the same CLI commands, a local attacker can repeatedly crash the RPD process causing a sustained Denial of Service. Note: Only systems utilizing ARM processors, found on the EX2300 and EX3400, are vulnerable to this issue. Systems shipped with other processor architectures are not vulnerable to this issue. The processor architecture can be displayed via the 'uname -a' command. For example: ARM (vulnerable): % uname -a | awk '{print $NF}' arm PowerPC (not vulnerable): % uname -a | awk '{print $NF}' powerpc AMD (not vulnerable): % uname -a | awk '{print $NF}' amd64 Intel (not vulnerable): % uname -a | awk '{print $NF}' i386 This issue affects Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D100; 14.1X53 versions prior to 14.1X53-D140, 14.1X53-D54; 15.1 versions prior to 15.1R7-S7; 15.1X49 versions prior to 15.1X49-D210; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S8; 17.1 versions prior to 17.1R2-S12; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S2, 17.4R3; 18.1 versions prior to 18.1R3-S2; 18.2 versions prior to 18.2R2, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S2, 18.3R2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-755 Improper Handling of Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11030",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11030"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 12.3X48-D100, 14.1X53-D140, 14.1X53-D54, 15.1R7-S7, 15.1X49-D210, 15.1X53-D593, 16.1R7-S8, 17.1R2-S12, 17.2R3-S4, 17.3R3-S8, 17.4R2-S2, 17.4R3, 18.1R3-S2, 18.2R2, 18.2X75-D40, 18.3R1-S2, 18.3R2, 18.4R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11030",
"defect": [
"1385014"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "Limit access to the Junos CLI and shell to only trusted administrators.\n\nRestrict access to \"show ospf interface extensive\" or \"show ospf interface detail\" via command authorization until an upgrade can be performed."
}
]
}
Reference in New Issue View Git Blame Copy Permalink