mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
177 lines
8.3 KiB
JSON
177 lines
8.3 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "sirt@juniper.net",
|
|
"DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
|
|
"ID": "CVE-2020-1670",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "Junos OS: EX4300 Series: High CPU load due to receipt of specific IPv4 packets"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Junos OS",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"platform": "EX4300 series",
|
|
"version_affected": "<",
|
|
"version_name": "17.3",
|
|
"version_value": "17.3R3-S9"
|
|
},
|
|
{
|
|
"platform": "EX4300 series",
|
|
"version_affected": "<",
|
|
"version_name": "17.4",
|
|
"version_value": "17.4R2-S11, 17.4R3-S2"
|
|
},
|
|
{
|
|
"platform": "EX4300 series",
|
|
"version_affected": "<",
|
|
"version_name": "18.1",
|
|
"version_value": "18.1R3-S10"
|
|
},
|
|
{
|
|
"platform": "EX4300 series",
|
|
"version_affected": "<",
|
|
"version_name": "18.2",
|
|
"version_value": "18.2R3-S4"
|
|
},
|
|
{
|
|
"platform": "EX4300 series",
|
|
"version_affected": "<",
|
|
"version_name": "18.3",
|
|
"version_value": "18.3R2-S4, 18.3R3-S2"
|
|
},
|
|
{
|
|
"platform": "EX4300 series",
|
|
"version_affected": "<",
|
|
"version_name": "18.4",
|
|
"version_value": "18.4R2-S4, 18.4R3-S2"
|
|
},
|
|
{
|
|
"platform": "EX4300 series",
|
|
"version_affected": "<",
|
|
"version_name": "19.1",
|
|
"version_value": "19.1R2-S2, 19.1R3-S1"
|
|
},
|
|
{
|
|
"platform": "EX4300 series",
|
|
"version_affected": "<",
|
|
"version_name": "19.2",
|
|
"version_value": "19.2R1-S5, 19.2R2-S1, 19.2R3"
|
|
},
|
|
{
|
|
"platform": "EX4300 series",
|
|
"version_affected": "<",
|
|
"version_name": "19.3",
|
|
"version_value": "19.3R2-S4, 19.3R3"
|
|
},
|
|
{
|
|
"platform": "EX4300 series",
|
|
"version_affected": "<",
|
|
"version_name": "19.4",
|
|
"version_value": "19.4R1-S3, 19.4R2"
|
|
},
|
|
{
|
|
"platform": "EX4300 series",
|
|
"version_affected": "<",
|
|
"version_name": "20.1",
|
|
"version_value": "20.1R1-S3, 20.1R2"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "Juniper Networks"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"configuration": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "The example of the configuration stanza affected by this issue is as follows:\n [interfaces irb unit <UNIT_NUMBER>]"
|
|
}
|
|
],
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "On Juniper Networks EX4300 Series, receipt of a stream of specific IPv4 packets can cause Routing Engine (RE) high CPU load, which could lead to network protocol operation issue and traffic interruption. This specific packets can originate only from within the broadcast domain where the device is connected. This issue occurs when the packets enter to the IRB interface. Only IPv4 packets can trigger this issue. IPv6 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS on EX4300 series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R3-S4; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R2-S2, 19.1R3-S1; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S3, 20.1R2."
|
|
}
|
|
]
|
|
},
|
|
"exploit": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
|
|
}
|
|
],
|
|
"generator": {
|
|
"engine": "Vulnogram 0.0.9"
|
|
},
|
|
"impact": {
|
|
"cvss": {
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "ADJACENT_NETWORK",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 6.5,
|
|
"baseSeverity": "MEDIUM",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"version": "3.1"
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-400 Uncontrolled Resource Consumption"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://kb.juniper.net/",
|
|
"name": "https://kb.juniper.net/"
|
|
}
|
|
]
|
|
},
|
|
"solution": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "The following software releases have been updated to resolve this specific issue: 17.3R3-S9, 17.4R2-S11, 17.4R3-S2, 18.1R3-S10, 18.2R3-S4, 18.3R2-S4, 18.3R3-S2, 18.4R2-S4, 18.4R3-S2, 19.1R2-S2, 19.1R3-S1, 19.2R1-S5, 19.2R2-S1, 19.2R3, 19.3R2-S4, 19.3R3, 19.4R1-S3, 19.4R2, 20.1R1-S3, 20.1R2, 20.2R1 and all subsequent releases.\n"
|
|
}
|
|
],
|
|
"source": {
|
|
"advisory": "JSA11067",
|
|
"defect": [
|
|
"1495129"
|
|
],
|
|
"discovery": "USER"
|
|
},
|
|
"work_around": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "There are no viable workarounds for this issue."
|
|
}
|
|
]
|
|
} |