cnvd - cnvd-2020-13884

cnvd-2020-13884

Vulnerability from cnvd

Title: Juniper Networks Junos OS JDHCPD IPv4命令注入漏洞

Description:

Juniper Networks Junos OS是一套专用于该公司的硬件设备的网络操作系统。

Juniper Networks Junos OS Dynamic Host Configuration Protocol Daemon (JDHCPD)存在安全漏洞，远程攻击者可以利用该漏洞提交特殊的IPv4请求，可以ROOT权限执行任意命令。

Severity: 高

Patch Name: Juniper Networks Junos OS JDHCPD IPv4命令注入漏洞的补丁

Patch Description:

Juniper Networks Junos OS是一套专用于该公司的硬件设备的网络操作系统。

Juniper Networks Junos OS Dynamic Host Configuration Protocol Daemon (JDHCPD)存在安全漏洞，远程攻击者可以利用该漏洞提交特殊的IPv4请求，可以ROOT权限执行任意命令。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10981

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-1605

Impacted products

Name
['Juniper Networks Junos OS 15.1', 'Juniper Networks Junos OS 15.1X49', 'Juniper Networks Junos OS 16.2', 'Juniper Networks Junos OS 17.3', 'Juniper Networks Junos OS 18.2', 'Juniper Networks Junos OS 15.1X53', 'Juniper Networks Junos OS 16.1', 'Juniper Networks Junos OS 17.1', 'Juniper Networks Junos OS 17.2', 'Juniper Networks Junos OS 17.4', 'Juniper Networks Junos OS 18.1', 'Juniper Networks Junos OS 18.3', 'Juniper Networks Junos OS 18.4', 'Juniper Networks Junos OS 19.1', 'Juniper Networks Junos OS 19.2', 'Juniper Networks Junos OS 19.3']

Name

['Juniper Networks Junos OS 15.1', 'Juniper Networks Junos OS 15.1X49', 'Juniper Networks Junos OS 16.2', 'Juniper Networks Junos OS 17.3', 'Juniper Networks Junos OS 18.2', 'Juniper Networks Junos OS 15.1X53', 'Juniper Networks Junos OS 16.1', 'Juniper Networks Junos OS 17.1', 'Juniper Networks Junos OS 17.2', 'Juniper Networks Junos OS 17.4', 'Juniper Networks Junos OS 18.1', 'Juniper Networks Junos OS 18.3', 'Juniper Networks Junos OS 18.4', 'Juniper Networks Junos OS 19.1', 'Juniper Networks Junos OS 19.2', 'Juniper Networks Junos OS 19.3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-1605",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-1605"
    }
  },
  "description": "Juniper Networks Junos OS\u662f\u4e00\u5957\u4e13\u7528\u4e8e\u8be5\u516c\u53f8\u7684\u786c\u4ef6\u8bbe\u5907\u7684\u7f51\u7edc\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nJuniper Networks Junos OS Dynamic Host Configuration Protocol Daemon (JDHCPD)\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684IPv4\u8bf7\u6c42\uff0c\u53ef\u4ee5ROOT\u6743\u9650\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10981",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-13884",
  "openTime": "2020-02-27",
  "patchDescription": "Juniper Networks Junos OS\u662f\u4e00\u5957\u4e13\u7528\u4e8e\u8be5\u516c\u53f8\u7684\u786c\u4ef6\u8bbe\u5907\u7684\u7f51\u7edc\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nJuniper Networks Junos OS Dynamic Host Configuration Protocol Daemon (JDHCPD)\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684IPv4\u8bf7\u6c42\uff0c\u53ef\u4ee5ROOT\u6743\u9650\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Juniper Networks Junos OS JDHCPD IPv4\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Juniper Networks Junos OS 15.1",
      "Juniper Networks Junos OS  15.1X49",
      "Juniper Networks Junos OS 16.2",
      "Juniper Networks Junos OS 17.3",
      "Juniper Networks Junos OS 18.2",
      "Juniper Networks Junos OS  15.1X53",
      "Juniper Networks Junos OS  16.1",
      "Juniper Networks Junos OS  17.1",
      "Juniper Networks Junos OS  17.2",
      "Juniper Networks Junos OS  17.4",
      "Juniper Networks Junos OS  18.1",
      "Juniper Networks Junos OS  18.3",
      "Juniper Networks Junos OS  18.4",
      "Juniper Networks Junos OS 19.1",
      "Juniper Networks Junos OS  19.2",
      "Juniper Networks Junos OS  19.3"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-1605",
  "serverity": "\u9ad8",
  "submitTime": "2020-01-15",
  "title": "Juniper Networks Junos OS JDHCPD IPv4\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2020-1605 (GCVE-0-2020-1605)

Vulnerability from cvelistv5

Published

2020-01-15 08:40

Modified

2024-09-17 00:31

Severity ?

8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-121 - Stack-based Buffer Overflow
CWE-78 - OS Command Injection

Summary

When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may then arbitrarily execute commands as root on the target device. This issue affects IPv4 JDHCPD services. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2*. and All versions prior to 19.3R1 on Junos OS Evolved. This issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode.

References

▼	URL	Tags
	https://kb.juniper.net/JSA10981	x_refsource_CONFIRM
	https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449353	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

Juniper Networks

Junos OS

Version: 15.1   < 15.1R7-S6
Version: 15.1X49   < 15.1X49-D200
Version: 15.1X53   < 15.1X53-D592
Version: 16.1   < 16.1R7-S6
Version: 16.2   < 16.2R2-S11
Version: 17.1   < 17.1R2-S11, 17.1R3-S1
Version: 17.2   < 17.2R2-S8, 17.2R3-S3
Version: 17.3   < 17.3R3-S6
Version: 17.4   < 17.4R2-S7, 17.4R3
Version: 18.1   < 18.1R3-S8
Version: 18.2   < 18.2R3-S2
Version: 18.3   < 18.3R1-S6, 18.3R2-S2, 18.3R3
Version: 18.4   < 18.4R1-S5, 18.4R2-S3, 18.4R3
Version: 19.1   < 19.1R1-S3, 19.1R2
Version: 19.2   < 19.2R1-S3, 19.2R2
Version: 19.3   < 19.3R1, 19.3R2
Version: 18.2X75   < 18.2X75-D60

Juniper Networks

Junos OS Evolved

Version: unspecified < 19.3R1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:39:10.703Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10981"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent\u0026id=PR1449353"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "15.1R7-S6",
              "status": "affected",
              "version": "15.1",
              "versionType": "custom"
            },
            {
              "lessThan": "15.1X49-D200",
              "status": "affected",
              "version": "15.1X49",
              "versionType": "custom"
            },
            {
              "lessThan": "15.1X53-D592",
              "status": "affected",
              "version": "15.1X53",
              "versionType": "custom"
            },
            {
              "lessThan": "16.1R7-S6",
              "status": "affected",
              "version": "16.1",
              "versionType": "custom"
            },
            {
              "lessThan": "16.2R2-S11",
              "status": "affected",
              "version": "16.2",
              "versionType": "custom"
            },
            {
              "lessThan": "17.1R2-S11, 17.1R3-S1",
              "status": "affected",
              "version": "17.1",
              "versionType": "custom"
            },
            {
              "lessThan": "17.2R2-S8, 17.2R3-S3",
              "status": "affected",
              "version": "17.2",
              "versionType": "custom"
            },
            {
              "lessThan": "17.3R3-S6",
              "status": "affected",
              "version": "17.3",
              "versionType": "custom"
            },
            {
              "lessThan": "17.4R2-S7, 17.4R3",
              "status": "affected",
              "version": "17.4",
              "versionType": "custom"
            },
            {
              "lessThan": "18.1R3-S8",
              "status": "affected",
              "version": "18.1",
              "versionType": "custom"
            },
            {
              "lessThan": "18.2R3-S2",
              "status": "affected",
              "version": "18.2",
              "versionType": "custom"
            },
            {
              "lessThan": "18.3R1-S6, 18.3R2-S2, 18.3R3",
              "status": "affected",
              "version": "18.3",
              "versionType": "custom"
            },
            {
              "lessThan": "18.4R1-S5, 18.4R2-S3, 18.4R3",
              "status": "affected",
              "version": "18.4",
              "versionType": "custom"
            },
            {
              "lessThan": "19.1R1-S3, 19.1R2",
              "status": "affected",
              "version": "19.1",
              "versionType": "custom"
            },
            {
              "lessThan": "19.2R1-S3, 19.2R2",
              "status": "affected",
              "version": "19.2",
              "versionType": "custom"
            },
            {
              "lessThan": "19.3R1, 19.3R2",
              "status": "affected",
              "version": "19.3",
              "versionType": "custom"
            },
            {
              "lessThan": "18.2X75-D60",
              "status": "affected",
              "version": "18.2X75",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Junos Evolved"
          ],
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "19.3R1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "The following minimal configuration is required: \n  [forwarding-options dhcp-relay]"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Longfei Fan from Codesafe Team of Legendsec at Qi\u0027anxin Group"
        }
      ],
      "datePublic": "2020-01-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "When a device using Juniper Network\u0027s Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may then arbitrarily execute commands as root on the target device. This issue affects IPv4 JDHCPD services. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2*. and All versions prior to 19.3R1 on Junos OS Evolved. This issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-15T08:40:36",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10981"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent\u0026id=PR1449353"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 15.1R7-S6, 15.1X49-D200, 15.1X53-D592, 16.1R7-S6, 16.2R2-S11, 17.1R2-S11, 17.1R3-S1, 17.2R2-S8, 17.2R3-S3, 17.3R3-S6, 17.4R2-S7, 17.4R3, 18.1R3-S8, 18.2R3-S2, 18.2X75-D60, 18.3R1-S6, 18.3R2-S2, 18.3R3, 18.4R1-S5,  18.4R2-S3, 18.4R3, 19.1R1-S3, 19.1R2, 19.2R1-S3, 19.2R2*, 19.3R1, and all subsequent releases.\n\nJunos OS Evolved: 19.3R1, and all subsequent releases.\n\n*pending publication"
        }
      ],
      "source": {
        "advisory": "JSA10981",
        "defect": [
          "1449353"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Junos OS and Junos OS Evolved: A vulnerability in JDHCPD allows an attacker to send crafted IPv4 packets and arbitrarily execute commands on the target device.",
      "workarounds": [
        {
          "lang": "en",
          "value": "If JDHCPD is not needed then disable the service in the device configuration. \nThere are no other viable workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2020-01-08T17:00:00.000Z",
          "ID": "CVE-2020-1605",
          "STATE": "PUBLIC",
          "TITLE": "Junos OS and Junos OS Evolved: A vulnerability in JDHCPD allows an attacker to send crafted IPv4 packets and arbitrarily execute commands on the target device."
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "15.1",
                            "version_value": "15.1R7-S6"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "15.1X49",
                            "version_value": "15.1X49-D200"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "15.1X53",
                            "version_value": "15.1X53-D592"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "16.1",
                            "version_value": "16.1R7-S6"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "16.2",
                            "version_value": "16.2R2-S11"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "17.1",
                            "version_value": "17.1R2-S11, 17.1R3-S1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "17.2",
                            "version_value": "17.2R2-S8, 17.2R3-S3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "17.3",
                            "version_value": "17.3R3-S6"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "17.4",
                            "version_value": "17.4R2-S7, 17.4R3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.1",
                            "version_value": "18.1R3-S8"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.2",
                            "version_value": "18.2R3-S2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.3",
                            "version_value": "18.3R1-S6, 18.3R2-S2, 18.3R3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.4",
                            "version_value": "18.4R1-S5, 18.4R2-S3, 18.4R3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "19.1",
                            "version_value": "19.1R1-S3, 19.1R2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "19.2",
                            "version_value": "19.2R1-S3, 19.2R2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "19.3",
                            "version_value": "19.3R1, 19.3R2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.2X75",
                            "version_value": "18.2X75-D60"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Junos OS Evolved",
                      "version": {
                        "version_data": [
                          {
                            "platform": "Junos Evolved",
                            "version_affected": "\u003c",
                            "version_value": "19.3R1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "The following minimal configuration is required: \n  [forwarding-options dhcp-relay]"
          }
        ],
        "credit": [
          {
            "lang": "eng",
            "value": "Longfei Fan from Codesafe Team of Legendsec at Qi\u0027anxin Group"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When a device using Juniper Network\u0027s Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may then arbitrarily execute commands as root on the target device. This issue affects IPv4 JDHCPD services. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2*. and All versions prior to 19.3R1 on Junos OS Evolved. This issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-121 Stack-based Buffer Overflow"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78 OS Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10981",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10981"
            },
            {
              "name": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent\u0026id=PR1449353",
              "refsource": "MISC",
              "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent\u0026id=PR1449353"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 15.1R7-S6, 15.1X49-D200, 15.1X53-D592, 16.1R7-S6, 16.2R2-S11, 17.1R2-S11, 17.1R3-S1, 17.2R2-S8, 17.2R3-S3, 17.3R3-S6, 17.4R2-S7, 17.4R3, 18.1R3-S8, 18.2R3-S2, 18.2X75-D60, 18.3R1-S6, 18.3R2-S2, 18.3R3, 18.4R1-S5,  18.4R2-S3, 18.4R3, 19.1R1-S3, 19.1R2, 19.2R1-S3, 19.2R2*, 19.3R1, and all subsequent releases.\n\nJunos OS Evolved: 19.3R1, and all subsequent releases.\n\n*pending publication"
          }
        ],
        "source": {
          "advisory": "JSA10981",
          "defect": [
            "1449353"
          ],
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "If JDHCPD is not needed then disable the service in the device configuration. \nThere are no other viable workarounds for this issue."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2020-1605",
    "datePublished": "2020-01-15T08:40:36.208481Z",
    "dateReserved": "2019-11-04T00:00:00",
    "dateUpdated": "2024-09-17T00:31:22.998Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted