Vulnerabilities > CVE-2020-1601 - Unspecified vulnerability in Juniper Junos
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Certain types of malformed Path Computation Element Protocol (PCEP) packets when received and processed by a Juniper Networks Junos OS device serving as a Path Computation Client (PCC) in a PCEP environment using Juniper's path computational element protocol daemon (pccd) process allows an attacker to cause the pccd process to crash and generate a core file thereby causing a Denial of Service (DoS). Continued receipt of this family of malformed PCEP packets will cause an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S13, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238, 15.1X53-D496, 15.1X53-D592; 16.1 versions prior to 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R2-S11, 17.1R3; 17.2 versions prior to 17.2R1-S9; 17.2 version 17.2R2 and later prior to 17.2R3-S2; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R2-S2, 17.4R3; 18.1 versions prior to 18.1R3-S2; 18.2 versions prior to 18.2R2-S6, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2. This issue does not affect releases of Junos OS prior to 15.1R1.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 123 | |
| Hardware | Juniper
| 21 |
Nessus
NASL family Junos Local Security Checks NASL id JUNIPER_JSA10980.NASL description According to its self-reported version number, the remote Juniper Junos device is affected by a vulnerability in the path computational element protocol daemon (pccd) process. An unauthenticated, remote attacker can exploit this issue, by sending malformed Path Computation Element Protocol (PCEP) packets to a Junos OS device serving as a Path Computation Client (PCC) in a PCEP environment in order to cause the pccd process to crash and generate a core file, thereby causing a Denial of Service (DoS) condition. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-03-18 modified 2020-01-20 plugin id 133088 published 2020-01-20 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133088 title Junos OS: pccd DoS (JSA10980) code #TRUSTED 9b5ab9e02d8b9d5b49f8cece58b1eed5f33e58eaaeec8111e926e8a3bd77b1244f50a8161f4407f2b0ed480e95ea62d19234fbf63b3bbb72f99eeeaa5090df91f665beb37975178ad614ed1ef19b475325fb738392907d0a9b21f9417655ef4505fcb2876c5f27654e1533703d93966226d5f157af91fe927a61e0ff13b1bbd58ddfcaae0d85f42533de7dc8fbcfe55cd15515839ef68218406c249d5efc26425bb819e63f01b8bbbaa43a39d8281c7cffe324c7a317e8c7ef88abbd37e5ebe2d2ffc8914e68b3bb975d6957a52b9729f2506b3a4f5b0fdacf7990e1fae2538d6fa4ae48de178756b784d6e7a853161f50b7cb5fe1e715376a06e26cede7428d1a5a4225d7e6e5fe8e917c137c68be8246561eb0999f9b71bd95b4685950dd494182f509e803b8aff69aa59c37188560149aebc0464a9c96b25a65d898649cc23dc3a6cdb448f4b420a94cab5d72437efb09d434a22009db12cffa8200d1383730162a759a9649098b8b4effd7223203a0ac2621ea29e2d9ab4d79bf541a6ad12645627587a683b6c2eed475f27beb28b326b0bbe4e6d3694c2881e52275796aab4154bf6ee52033ee819aacbf7ca54f4880f6d78c6743508bf1a02a9f04f9cf1f25c21d5bb6fab2137c12d265db3233e0bdaa966786ac74c22224d024d6c241c029a7579cd2792106f7b61c2050a26e126ee4cbab7487efb2c810a0a811c966 # # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(133088); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/01/20"); script_cve_id("CVE-2020-1601"); script_xref(name:"JSA", value:"JSA10980"); script_xref(name:"IAVA", value:"2020-A-0012"); script_name(english:"Junos OS: pccd DoS (JSA10980)"); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch."); script_set_attribute(attribute:"description", value: "According to its self-reported version number, the remote Juniper Junos device is affected by a vulnerability in the path computational element protocol daemon (pccd) process. An unauthenticated, remote attacker can exploit this issue, by sending malformed Path Computation Element Protocol (PCEP) packets to a Junos OS device serving as a Path Computation Client (PCC) in a PCEP environment in order to cause the pccd process to crash and generate a core file, thereby causing a Denial of Service (DoS) condition. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10980"); script_set_attribute(attribute:"solution", value: "Apply the relevant Junos software release referenced in Juniper advisory JSA10980."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1601"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/15"); script_set_attribute(attribute:"patch_publication_date", value:"2020/01/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/20"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Junos Local Security Checks"); script_dependencies("junos_version.nasl"); script_require_keys("Host/Juniper/JUNOS/Version"); exit(0); } include('audit.inc'); include('junos.inc'); include('junos_kb_cmd_func.inc'); ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version'); model = get_kb_item('Host/Juniper/model'); fixes = make_array(); if ( model =~ '^SRX') fixes['15.1X49'] = '15.1X49-D180'; if (ver =~ "^17.2R([0-1])([^0-9]|$)") fixes['17.2'] = '17.2R1-S9'; else fixes['17.2'] = '17.2R3-S2'; fixes['15.1F'] = '15.1F6-S13'; fixes['15.1R'] = '15.1R7-S4'; # 15.1X53 versions prior to 15.1X53-D238, 15.1X53-D496, 15.1X53-D592; fixes['15.1X53'] = '15.1X53-D238'; fixes['16.1'] = '16.1R7-S4'; fixes['16.2'] = '16.2R2-S9'; fixes['17.1'] = '17.1R2-S11'; fixes['17.3'] = '17.3R3-S3'; fixes['17.4'] = '17.4R2-S2'; fixes['18.1'] = '18.1R3-S2'; fixes['18.2X75'] = '18.2X75-D40'; fixes['18.2'] = '18.2R2-S6'; fixes['18.3'] = '18.3R2'; fixes['18.4'] = '18.4R1-S2'; fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE); override = TRUE; buf = junos_command_kb_item(cmd:'show configuration | display set'); if (buf) { override = FALSE; pattern = "^set protocols pcep pce .* destination-ipv4-address"; if (!junos_check_config(buf:buf, pattern:pattern)) audit(AUDIT_HOST_NOT, 'using a vulnerable configuration'); } junos_report(ver:ver, fix:fix, override:override, severity:SECURITY_WARNING);NASL family Junos Local Security Checks NASL id JUNIPER_JSA10979.NASL description The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the JSA10979 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-05-06 modified 2020-02-25 plugin id 133965 published 2020-02-25 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133965 title Juniper JSA10979 code # # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(133965); script_version("1.2"); script_cve_id( "CVE-2020-1600", "CVE-2020-1601", "CVE-2020-1602", "CVE-2020-1603", "CVE-2020-1604", "CVE-2020-1605", "CVE-2020-1607", "CVE-2020-1608", "CVE-2020-1609" ); script_xref(name:"IAVA", value:"2020-A-0012"); script_name(english:"Juniper JSA10979"); script_summary(english:"Checks the Junos version and build date."); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch."); script_set_attribute(attribute:"description", value: "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the JSA10979 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self- reported version number."); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/KB16613"); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/KB16765"); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/KB16446"); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/JSA10979"); script_set_attribute(attribute:"solution", value: "Apply the relevant Junos software release referenced in Juniper advisory JSA10979"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-1600"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/08"); script_set_attribute(attribute:"patch_publication_date", value:"2020/01/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/25"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/05"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Junos Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("junos_version.nasl"); script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model"); exit(0); } include('audit.inc'); include('junos.inc'); include('misc_func.inc'); ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version'); model = get_kb_item_or_exit('Host/Juniper/model'); fixes = make_array(); fixes["12.3X48"] = "12.3X48-D90"; fixes["15.1"] = "15.1R7-S6"; fixes["15.1X49"] = "15.1X49-D200"; fixes["15.1X53"] = "15.1X53-D238"; fixes["16.1"] = "16.1R7-S5"; fixes["16.2"] = "16.2R2-S11"; fixes["17.1"] = "17.1R3-S1"; fixes["17.2"] = "17.2R3-S2"; fixes["17.3"] = "17.3R3-S7"; fixes["17.4"] = "17.4R2-S4"; fixes["18.1"] = "18.1R3-S5"; fixes["18.2"] = "18.2R3"; fixes["18.2X75"] = "18.2X75-D50"; fixes["18.3"] = "18.3R2"; fixes["18.4"] = "18.4R1-S6"; fixes["19.1"] = "19.1R2"; fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE); report = get_report(ver:ver, fix:fix); security_report_v4(severity:SECURITY_WARNING, port:0, extra:report);