CVE-2020-1602Use After Free in Networks Junos OS

CWE-416Use After FreeCWE-78OS Command Injection4 documents4 sources
Severity
8.8HIGHNVD
CNA7.1
EPSS
0.2%
top 52.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Juniper Networks Junos OSJuniper Networks Junos OS EvolvedJuniper Junos
Timeline
PublishedJan 15
Latest updateMay 24

Description

When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may remotely take over the code execution of the JDHDCP process. This issue affect IPv4 JDHCPD services. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 ver

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5juniper_networks/junos_os_evolvedunspecified19.3R1
CVEListV5juniper_networks/junos_os15.115.1R7-S6+16
NVDjuniper/junos16 versions+15

🔴Vulnerability Details

2
GHSA
GHSA-4frx-4mrc-562x: When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured2022-05-24
CVEList
Junos OS and Junos OS Evolved: A vulnerability in JDHCPD allows an attacker to send crafted IPv4 packets may take over the code execution of the JDHCPD process.2020-01-15

📋Vendor Advisories

1
Juniper
CVE-2020-1602: When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured2020-01-15
CVE-2020-1602 — Use After Free in Networks Junos OS | cvebase