Vulnerabilities > CVE-2020-1600 - Infinite Loop vulnerability in Juniper Junos

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

juniper

CWE-835

nessus

NVD

Published: 2020-01-15

Updated: 2021-09-14

Summary

In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of Service (DoS) condition. This issue affects both SNMP over IPv4 and IPv6. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D90; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D238, 15.1X53-D592; 16.1 versions prior to 16.1R7-S5; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R3-S2; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R3-S5; 18.2 versions prior to 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R2.

Vulnerable Configurations

Part	Description	Count
OS	Juniper Juniper Junos 12.3X48 Juniper Junos 15.1 Juniper Junos 15.1X49 Juniper Junos 15.1X53 Juniper Junos 16.1 Juniper Junos 16.2 Juniper Junos 17.1 Juniper Junos 17.2 Juniper Junos 17.3 Juniper Junos 17.4 Juniper Junos 18.1 Juniper Junos 18.2 Juniper Junos 18.2X75 Juniper Junos 18.3 Juniper Junos 18.4 Juniper Junos 19.1	156

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Nessus

NASL family	Junos Local Security Checks
NASL id	JUNIPER_JSA10979.NASL
description	The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the JSA10979 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-05-06
modified	2020-02-25
plugin id	133965
published	2020-02-25
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133965
title	Juniper JSA10979
code	# # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(133965); script_version("1.2"); script_cve_id( "CVE-2020-1600", "CVE-2020-1601", "CVE-2020-1602", "CVE-2020-1603", "CVE-2020-1604", "CVE-2020-1605", "CVE-2020-1607", "CVE-2020-1608", "CVE-2020-1609" ); script_xref(name:"IAVA", value:"2020-A-0012"); script_name(english:"Juniper JSA10979"); script_summary(english:"Checks the Junos version and build date."); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch."); script_set_attribute(attribute:"description", value: "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the JSA10979 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self- reported version number."); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/KB16613"); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/KB16765"); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/KB16446"); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/JSA10979"); script_set_attribute(attribute:"solution", value: "Apply the relevant Junos software release referenced in Juniper advisory JSA10979"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-1600"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/08"); script_set_attribute(attribute:"patch_publication_date", value:"2020/01/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/25"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/05"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Junos Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("junos_version.nasl"); script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model"); exit(0); } include('audit.inc'); include('junos.inc'); include('misc_func.inc'); ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version'); model = get_kb_item_or_exit('Host/Juniper/model'); fixes = make_array(); fixes["12.3X48"] = "12.3X48-D90"; fixes["15.1"] = "15.1R7-S6"; fixes["15.1X49"] = "15.1X49-D200"; fixes["15.1X53"] = "15.1X53-D238"; fixes["16.1"] = "16.1R7-S5"; fixes["16.2"] = "16.2R2-S11"; fixes["17.1"] = "17.1R3-S1"; fixes["17.2"] = "17.2R3-S2"; fixes["17.3"] = "17.3R3-S7"; fixes["17.4"] = "17.4R2-S4"; fixes["18.1"] = "18.1R3-S5"; fixes["18.2"] = "18.2R3"; fixes["18.2X75"] = "18.2X75-D50"; fixes["18.3"] = "18.3R2"; fixes["18.4"] = "18.4R1-S6"; fixes["19.1"] = "19.1R2"; fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE); report = get_report(ver:ver, fix:fix); security_report_v4(severity:SECURITY_WARNING, port:0, extra:report);

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References