CVE-2020-1654 — Classic Buffer Overflow in Networks Junos OS

CWE-120 — Classic Buffer Overflow4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

2.1%

top 15.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedJul 17

Latest updateMay 24

Description

On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, processing a malformed HTTP message can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) Continued processing of this malformed HTTP message may result in an extended Denial of Service (DoS) condition. The offending HTTP message that causes this issue may originate both from the HTTP server or the HTTP client. This issue affects Juniper Networks Junos OS on SRX Series: 18.1 v…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os18.2 — 18.2R2-S7, 18.2R3-S3+5

▶NVDjuniper/junos7 versions+6

🔴Vulnerability Details

GHSA

GHSA-jwqg-fhhf-42x8: On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, processing a malformed HTTP message can lead↗2022-05-24

▶

CVEList

Junos OS: SRX Series: processing a malformed HTTP message when ICAP redirect service is enabled may can lead to flowd process crash or remote code execution↗2020-07-17

▶

📋Vendor Advisories

Juniper

CVE-2020-1654: On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, processing a malformed HTTP message can lead↗2020-07-17

▶