cnvd - cnvd-2020-29640

cnvd-2020-29640

Vulnerability from cnvd

Title: Juniper Networks Junos OS和Junos OS Evolved资源管理错误漏洞

Description:

Juniper Networks Junos OS是美国瞻博网络（Juniper Networks）公司的一套专用于该公司的硬件设备的网络操作系统。该操作系统提供了安全编程接口和Junos SDK。

Juniper Networks Junos OS和Junos OS Evolved中的IPv4 JDHCPD服务存在资源管理错误漏洞。攻击者可通过发送特制的IPv4数据包利用该漏洞控制JDHDCP进程的代码执行过程。

Severity: 高

Patch Name: Juniper Networks Junos OS和Junos OS Evolved资源管理错误漏洞的补丁

Patch Description:

Juniper Networks Junos OS是美国瞻博网络（Juniper Networks）公司的一套专用于该公司的硬件设备的网络操作系统。该操作系统提供了安全编程接口和Junos SDK。

Juniper Networks Junos OS和Junos OS Evolved中的IPv4 JDHCPD服务存在资源管理错误漏洞。攻击者可通过发送特制的IPv4数据包利用该漏洞控制JDHDCP进程的代码执行过程。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10981

Reference: https://kb.juniper.net/JSA10981

Impacted products

Name
['Juniper Networks Juniper Networks Junos OS 15.1', 'Juniper Networks Juniper Networks Junos OS 15.1X49', 'Juniper Networks Juniper Networks Junos OS 15.1X53', 'Juniper Networks Juniper Networks Junos OS 16.2', 'Juniper Networks Juniper Networks Junos OS 17.1', 'Juniper Networks Juniper Networks Junos OS 17.2', 'Juniper Networks Juniper Networks Junos OS 17.3', 'Juniper Networks Juniper Networks Junos OS 17.4', 'Juniper Networks Juniper Networks Junos OS 18.1', 'Juniper Networks Juniper Networks Junos OS 18.2', 'Juniper Networks Juniper Networks Junos OS 18.3', 'Juniper Networks Juniper Networks Junos OS 18.4', 'Juniper Networks Juniper Networks Junos OS 16.1', 'Juniper Networks Juniper Networks Junos OS 19.1', 'Juniper Networks Juniper Networks Junos OS 19.2', 'Juniper Networks Juniper Networks Junos OS 19.3', 'Juniper Networks Junos OS Evolved <19.3R1']

Name

['Juniper Networks Juniper Networks Junos OS 15.1', 'Juniper Networks Juniper Networks Junos OS 15.1X49', 'Juniper Networks Juniper Networks Junos OS 15.1X53', 'Juniper Networks Juniper Networks Junos OS 16.2', 'Juniper Networks Juniper Networks Junos OS 17.1', 'Juniper Networks Juniper Networks Junos OS 17.2', 'Juniper Networks Juniper Networks Junos OS 17.3', 'Juniper Networks Juniper Networks Junos OS 17.4', 'Juniper Networks Juniper Networks Junos OS 18.1', 'Juniper Networks Juniper Networks Junos OS 18.2', 'Juniper Networks Juniper Networks Junos OS 18.3', 'Juniper Networks Juniper Networks Junos OS 18.4', 'Juniper Networks Juniper Networks Junos OS 16.1', 'Juniper Networks Juniper Networks Junos OS 19.1', 'Juniper Networks Juniper Networks Junos OS 19.2', 'Juniper Networks Juniper Networks Junos OS 19.3', 'Juniper Networks Junos OS Evolved <19.3R1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-1602",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-1602"
    }
  },
  "description": "Juniper Networks Junos OS\u662f\u7f8e\u56fd\u77bb\u535a\u7f51\u7edc\uff08Juniper Networks\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u7528\u4e8e\u8be5\u516c\u53f8\u7684\u786c\u4ef6\u8bbe\u5907\u7684\u7f51\u7edc\u64cd\u4f5c\u7cfb\u7edf\u3002\u8be5\u64cd\u4f5c\u7cfb\u7edf\u63d0\u4f9b\u4e86\u5b89\u5168\u7f16\u7a0b\u63a5\u53e3\u548cJunos SDK\u3002\n\nJuniper Networks Junos OS\u548cJunos OS Evolved\u4e2d\u7684IPv4 JDHCPD\u670d\u52a1\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684IPv4\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u63a7\u5236JDHDCP\u8fdb\u7a0b\u7684\u4ee3\u7801\u6267\u884c\u8fc7\u7a0b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10981",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-29640",
  "openTime": "2020-05-24",
  "patchDescription": "Juniper Networks Junos OS\u662f\u7f8e\u56fd\u77bb\u535a\u7f51\u7edc\uff08Juniper Networks\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u7528\u4e8e\u8be5\u516c\u53f8\u7684\u786c\u4ef6\u8bbe\u5907\u7684\u7f51\u7edc\u64cd\u4f5c\u7cfb\u7edf\u3002\u8be5\u64cd\u4f5c\u7cfb\u7edf\u63d0\u4f9b\u4e86\u5b89\u5168\u7f16\u7a0b\u63a5\u53e3\u548cJunos SDK\u3002\r\n\r\nJuniper Networks Junos OS\u548cJunos OS Evolved\u4e2d\u7684IPv4 JDHCPD\u670d\u52a1\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684IPv4\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u63a7\u5236JDHDCP\u8fdb\u7a0b\u7684\u4ee3\u7801\u6267\u884c\u8fc7\u7a0b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Juniper Networks Junos OS\u548cJunos OS Evolved\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Juniper Networks Juniper Networks Junos OS 15.1",
      "Juniper Networks Juniper Networks Junos OS 15.1X49",
      "Juniper Networks Juniper Networks Junos OS 15.1X53",
      "Juniper Networks Juniper Networks Junos OS 16.2",
      "Juniper Networks Juniper Networks Junos OS 17.1",
      "Juniper Networks Juniper Networks Junos OS 17.2",
      "Juniper Networks Juniper Networks Junos OS 17.3",
      "Juniper Networks Juniper Networks Junos OS 17.4",
      "Juniper Networks Juniper Networks Junos OS 18.1",
      "Juniper Networks Juniper Networks Junos OS 18.2",
      "Juniper Networks Juniper Networks Junos OS 18.3",
      "Juniper Networks Juniper Networks Junos OS 18.4",
      "Juniper Networks Juniper Networks Junos OS 16.1",
      "Juniper Networks Juniper Networks Junos OS 19.1",
      "Juniper Networks Juniper Networks Junos OS 19.2",
      "Juniper Networks Juniper Networks Junos OS 19.3",
      "Juniper Networks Junos OS Evolved \u003c19.3R1"
    ]
  },
  "referenceLink": "https://kb.juniper.net/JSA10981",
  "serverity": "\u9ad8",
  "submitTime": "2020-02-04",
  "title": "Juniper Networks Junos OS\u548cJunos OS Evolved\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2020-1602 (GCVE-0-2020-1602)

Vulnerability from cvelistv5

Published

2020-01-15 08:40

Modified

2024-09-16 16:43

Severity ?

7.1 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

CWE

Denial of Service
Code Execution of Process
CWE-416 - Use After Free

Summary

When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may remotely take over the code execution of the JDHDCP process. This issue affect IPv4 JDHCPD services. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2*. and All versions prior to 19.3R1 on Junos OS Evolved. This issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode.

References

▼	URL	Tags
	https://kb.juniper.net/JSA10981	x_refsource_CONFIRM
	https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449353	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

Juniper Networks

Junos OS

Version: 15.1   < 15.1R7-S6
Version: 15.1X49   < 15.1X49-D200
Version: 15.1X53   < 15.1X53-D592
Version: 16.1   < 16.1R7-S6
Version: 16.2   < 16.2R2-S11
Version: 17.1   < 17.1R2-S11, 17.1R3-S1
Version: 17.2   < 17.2R2-S8, 17.2R3-S3
Version: 17.3   < 17.3R3-S6
Version: 17.4   < 17.4R2-S7, 17.4R3
Version: 18.1   < 18.1R3-S8
Version: 18.2   < 18.2R3-S2
Version: 18.3   < 18.3R1-S6, 18.3R2-S2, 18.3R3
Version: 18.4   < 18.4R1-S5, 18.4R2-S3, 18.4R3
Version: 19.1   < 19.1R1-S3, 19.1R2
Version: 19.2   < 19.2R1-S3, 19.2R2
Version: 19.3   < 19.3R1, 19.3R2
Version: 18.2X75   < 18.2X75-D60

Juniper Networks

Junos OS Evolved

Version: unspecified < 19.3R1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:39:10.714Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10981"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent\u0026id=PR1449353"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "15.1R7-S6",
              "status": "affected",
              "version": "15.1",
              "versionType": "custom"
            },
            {
              "lessThan": "15.1X49-D200",
              "status": "affected",
              "version": "15.1X49",
              "versionType": "custom"
            },
            {
              "lessThan": "15.1X53-D592",
              "status": "affected",
              "version": "15.1X53",
              "versionType": "custom"
            },
            {
              "lessThan": "16.1R7-S6",
              "status": "affected",
              "version": "16.1",
              "versionType": "custom"
            },
            {
              "lessThan": "16.2R2-S11",
              "status": "affected",
              "version": "16.2",
              "versionType": "custom"
            },
            {
              "lessThan": "17.1R2-S11, 17.1R3-S1",
              "status": "affected",
              "version": "17.1",
              "versionType": "custom"
            },
            {
              "lessThan": "17.2R2-S8, 17.2R3-S3",
              "status": "affected",
              "version": "17.2",
              "versionType": "custom"
            },
            {
              "lessThan": "17.3R3-S6",
              "status": "affected",
              "version": "17.3",
              "versionType": "custom"
            },
            {
              "lessThan": "17.4R2-S7, 17.4R3",
              "status": "affected",
              "version": "17.4",
              "versionType": "custom"
            },
            {
              "lessThan": "18.1R3-S8",
              "status": "affected",
              "version": "18.1",
              "versionType": "custom"
            },
            {
              "lessThan": "18.2R3-S2",
              "status": "affected",
              "version": "18.2",
              "versionType": "custom"
            },
            {
              "lessThan": "18.3R1-S6, 18.3R2-S2, 18.3R3",
              "status": "affected",
              "version": "18.3",
              "versionType": "custom"
            },
            {
              "lessThan": "18.4R1-S5, 18.4R2-S3, 18.4R3",
              "status": "affected",
              "version": "18.4",
              "versionType": "custom"
            },
            {
              "lessThan": "19.1R1-S3, 19.1R2",
              "status": "affected",
              "version": "19.1",
              "versionType": "custom"
            },
            {
              "lessThan": "19.2R1-S3, 19.2R2",
              "status": "affected",
              "version": "19.2",
              "versionType": "custom"
            },
            {
              "lessThan": "19.3R1, 19.3R2",
              "status": "affected",
              "version": "19.3",
              "versionType": "custom"
            },
            {
              "lessThan": "18.2X75-D60",
              "status": "affected",
              "version": "18.2X75",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Junos Evolved"
          ],
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "19.3R1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "The following minimal configuration is required: \n  [forwarding-options dhcp-relay]"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Longfei Fan from Codesafe Team of Legendsec at Qi\u0027anxin Group"
        }
      ],
      "datePublic": "2020-01-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "When a device using Juniper Network\u0027s Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may remotely take over the code execution of the JDHDCP process. This issue affect IPv4 JDHCPD services. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2*. and All versions prior to 19.3R1 on Junos OS Evolved. This issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Code Execution of Process",
              "lang": "en",
              "type": "text"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-15T08:40:34",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10981"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent\u0026id=PR1449353"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 15.1R7-S6, 15.1X49-D200, 15.1X53-D592, 16.1R7-S6, 16.2R2-S11, 17.1R2-S11, 17.1R3-S1, 17.2R2-S8, 17.2R3-S3, 17.3R3-S6, 17.4R2-S7, 17.4R3, 18.1R3-S8, 18.2R3-S2, 18.2X75-D60, 18.3R1-S6, 18.3R2-S2, 18.3R3, 18.4R1-S5,  18.4R2-S3, 18.4R3, 19.1R1-S3, 19.1R2, 19.2R1-S3, 19.2R2*, 19.3R1, and all subsequent releases.\n\nJunos OS Evolved: 19.3R1, and all subsequent releases.\n\n*pending publication"
        }
      ],
      "source": {
        "advisory": "JSA10981",
        "defect": [
          "1449353"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Junos OS and Junos OS Evolved: A vulnerability in JDHCPD allows an attacker to send crafted IPv4 packets may take over the code execution of the JDHCPD process.",
      "workarounds": [
        {
          "lang": "en",
          "value": "If JDHCPD is not needed then disable the service in the device configuration. \nThere are no other viable workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2020-01-08T17:00:00.000Z",
          "ID": "CVE-2020-1602",
          "STATE": "PUBLIC",
          "TITLE": "Junos OS and Junos OS Evolved: A vulnerability in JDHCPD allows an attacker to send crafted IPv4 packets may take over the code execution of the JDHCPD process."
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "15.1",
                            "version_value": "15.1R7-S6"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "15.1X49",
                            "version_value": "15.1X49-D200"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "15.1X53",
                            "version_value": "15.1X53-D592"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "16.1",
                            "version_value": "16.1R7-S6"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "16.2",
                            "version_value": "16.2R2-S11"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "17.1",
                            "version_value": "17.1R2-S11, 17.1R3-S1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "17.2",
                            "version_value": "17.2R2-S8, 17.2R3-S3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "17.3",
                            "version_value": "17.3R3-S6"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "17.4",
                            "version_value": "17.4R2-S7, 17.4R3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.1",
                            "version_value": "18.1R3-S8"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.2",
                            "version_value": "18.2R3-S2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.3",
                            "version_value": "18.3R1-S6, 18.3R2-S2, 18.3R3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.4",
                            "version_value": "18.4R1-S5, 18.4R2-S3, 18.4R3"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "19.1",
                            "version_value": "19.1R1-S3, 19.1R2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "19.2",
                            "version_value": "19.2R1-S3, 19.2R2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "19.3",
                            "version_value": "19.3R1, 19.3R2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "18.2X75",
                            "version_value": "18.2X75-D60"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Junos OS Evolved",
                      "version": {
                        "version_data": [
                          {
                            "platform": "Junos Evolved",
                            "version_affected": "\u003c",
                            "version_value": "19.3R1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "The following minimal configuration is required: \n  [forwarding-options dhcp-relay]"
          }
        ],
        "credit": [
          {
            "lang": "eng",
            "value": "Longfei Fan from Codesafe Team of Legendsec at Qi\u0027anxin Group"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When a device using Juniper Network\u0027s Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may remotely take over the code execution of the JDHDCP process. This issue affect IPv4 JDHCPD services. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2*. and All versions prior to 19.3R1 on Junos OS Evolved. This issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Code Execution of Process"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-416 Use After Free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10981",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10981"
            },
            {
              "name": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent\u0026id=PR1449353",
              "refsource": "MISC",
              "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent\u0026id=PR1449353"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 15.1R7-S6, 15.1X49-D200, 15.1X53-D592, 16.1R7-S6, 16.2R2-S11, 17.1R2-S11, 17.1R3-S1, 17.2R2-S8, 17.2R3-S3, 17.3R3-S6, 17.4R2-S7, 17.4R3, 18.1R3-S8, 18.2R3-S2, 18.2X75-D60, 18.3R1-S6, 18.3R2-S2, 18.3R3, 18.4R1-S5,  18.4R2-S3, 18.4R3, 19.1R1-S3, 19.1R2, 19.2R1-S3, 19.2R2*, 19.3R1, and all subsequent releases.\n\nJunos OS Evolved: 19.3R1, and all subsequent releases.\n\n*pending publication"
          }
        ],
        "source": {
          "advisory": "JSA10981",
          "defect": [
            "1449353"
          ],
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "If JDHCPD is not needed then disable the service in the device configuration. \nThere are no other viable workarounds for this issue."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2020-1602",
    "datePublished": "2020-01-15T08:40:34.887886Z",
    "dateReserved": "2019-11-04T00:00:00",
    "dateUpdated": "2024-09-16T16:43:16.115Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted