CVE-2020-1686

EPSS 0.55%
Veröffentlicht 16.10.2020 21:15:14
Zuletzt bearbeitet 21.11.2024 05:11:09
Quelle sirt@juniper.net
Teams Watchlist Login
Unerledigt Login

On Juniper Networks Junos OS devices, receipt of a malformed IPv6 packet may cause the system to crash and restart (vmcore). This issue can be trigged by a malformed IPv6 packet destined to the Routing Engine. An attacker can repeatedly send the offending packet resulting in an extended Denial of Service condition. Only IPv6 packets can trigger this issue. IPv4 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS 18.4 versions prior to 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS prior to 18.4R1.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Juniper ≫ Junos Version18.4 Update-

Juniper ≫ Junos Version18.4 Updater1

Juniper ≫ Junos Version18.4 Updater1-s1

Juniper ≫ Junos Version18.4 Updater1-s2

Juniper ≫ Junos Version18.4 Updater1-s5

Juniper ≫ Junos Version18.4 Updater1-s6

Juniper ≫ Junos Version18.4 Updater2

Juniper ≫ Junos Version18.4 Updater2-s1

Juniper ≫ Junos Version18.4 Updater2-s2

Juniper ≫ Junos Version18.4 Updater2-s3

Juniper ≫ Junos Version18.4 Updater3

Juniper ≫ Junos Version19.1 Update-

Juniper ≫ Junos Version19.1 Updater1

Juniper ≫ Junos Version19.1 Updater1-s1

Juniper ≫ Junos Version19.1 Updater1-s2

Juniper ≫ Junos Version19.1 Updater1-s3

Juniper ≫ Junos Version19.1 Updater1-s4

Juniper ≫ Junos Version19.1 Updater2

Juniper ≫ Junos Version19.2 Update-

Juniper ≫ Junos Version19.2 Updater1

Juniper ≫ Junos Version19.2 Updater1-s1

Juniper ≫ Junos Version19.2 Updater1-s2

Juniper ≫ Junos Version19.2 Updater1-s3

Juniper ≫ Junos Version19.2 Updater1-s4

Juniper ≫ Junos Version19.3 Update-

Juniper ≫ Junos Version19.3 Updater1

Juniper ≫ Junos Version19.3 Updater1-s1

Juniper ≫ Junos Version19.3 Updater2

Juniper ≫ Junos Version19.3 Updater2-s1

Juniper ≫ Junos Version19.3 Updater2-s2

Juniper ≫ Junos Version19.3 Updater2-s3

Juniper ≫ Junos Version19.4 Updater1

Juniper ≫ Junos Version19.4 Updater1-s1

Juniper ≫ Junos Version19.4 Updater1-s2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.55%	0.653

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C
sirt@juniper.net	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-415 Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

https://kb.juniper.net/JSA11083

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-1686

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-1686

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-1686

EUVD