CVE-2020-1682Improper Input Validation in Networks Junos OS

CWE-20Improper Input Validation6 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 85.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedOct 16
Latest updateMay 24

Description

An input validation vulnerability exists in Juniper Networks Junos OS, allowing an attacker to crash the srxpfe process, causing a Denial of Service (DoS) through the use of specific maintenance commands. The srxpfe process restarts automatically, but continuous execution of the commands could lead to an extended Denial of Service condition. This issue only affects the SRX1500, SRX4100, SRX4200, NFX150, NFX250, and vSRX-based platforms. No other products or platforms are affected by this vulnera

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/junos_os15.1X4915.1X49-D220+7
NVDjuniper/junos8 versions+7

🔴Vulnerability Details

2
GHSA
GHSA-7fw3-cm94-wwp4: An input validation vulnerability exists in Juniper Networks Junos OS, allowing an attacker to crash the srxpfe process, causing a Denial of Service (2022-05-24
CVEList
Junos OS: SRX1500, vSRX, SRX4K, NFX150, NFX250: Denial of service vulnerability executing local CLI command2020-10-16

📋Vendor Advisories

1
Juniper
CVE-2020-1682: An input validation vulnerability exists in Juniper Networks Junos OS, allowing an attacker to crash the srxpfe process, causing a Denial of Service (2020-10-16

💬Community

1
Bugzilla
CVE-2020-2099 jenkins: Inbound TCP Agent Protocol/3 authentication bypass2020-01-31
CVE-2020-1682 — Improper Input Validation | cvebase