admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2020/1xxx/CVE-2020-1685.json
CVE Team b3e216efb7
"-Synchronized-Data."
2020-10-16 21:01:46 +00:00

152 lines
7.0 KiB
JSON
Raw Blame History

{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
"ID": "CVE-2020-1685",
"STATE": "PUBLIC",
"TITLE": "Junos OS: EX4600, QFX5K Series: Stateless firewall filter matching 'user-vlan-id' will cause incomplete discard action"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "EX4600, QFX5K Series",
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S7"
},
{
"platform": "EX4600, QFX5K Series",
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R2-S7, 18.2R3-S1"
},
{
"platform": "EX4600, QFX5K Series",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R1-S5, 18.3R2-S4, 18.3R3"
},
{
"platform": "EX4600, QFX5K Series",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R1-S7, 18.4R2-S1, 18.4R3"
},
{
"platform": "EX4600, QFX5K Series",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R1-S5, 19.1R2"
},
{
"platform": "EX4600, QFX5K Series",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R2"
},
{
"platform": "EX4600, QFX5K Series",
"version_affected": "!",
"version_value": "18.1R3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "A sample VXLAN configuration is shown below:\n\n evpn {\n encapsulation vxlan;\n }\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When configuring stateless firewall filters in Juniper Networks EX4600 and QFX 5000 Series devices using Virtual Extensible LAN protocol (VXLAN), the discard action will fail to discard traffic under certain conditions. Given a firewall filter configuration similar to: family ethernet-switching { filter L2-VLAN { term ALLOW { from { user-vlan-id 100; } then { accept; } } term NON-MATCH { then { discard; } } when there is only one term containing a 'user-vlan-id' match condition, and no other terms in the firewall filter except discard, the discard action for non-matching traffic will only discard traffic with the same VLAN ID specified under 'user-vlan-id'. Other traffic (e.g. VLAN ID 200) will not be discarded. This unexpected behavior can lead to unintended traffic passing through the interface where the firewall filter is applied. This issue only affects systems using VXLANs. This issue affects Juniper Networks Junos OS on QFX5K Series: 18.1 versions prior to 18.1R3-S7, except 18.1R3; 18.2 versions prior to 18.2R2-S7, 18.2R3-S1; 18.3 versions prior to 18.3R1-S5, 18.3R2-S4, 18.3R3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S1, 18.4R3; 19.1 versions prior to 19.1R1-S5, 19.1R2; 19.2 versions prior to 19.2R1-S5, 19.2R2."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203 Information Exposure Through Discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11082",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11082"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 18.1R3-S7, 18.2R2-S7, 18.2R3-S1, 18.3R1-S5, 18.3R2-S4, 18.3R3, 18.4R1-S7, 18.4R2-S1, 18.4R3, 19.1R1-S5, 19.1R2, 19.2R1-S5, 19.2R2, 19.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11082",
"defect": [
"1446489"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Avoid using the user-vlan-id match criteria.\n"
}
]
}
Reference in New Issue View Git Blame Copy Permalink