CVE-2020-1682 Information

Description

An input validation vulnerability exists in Juniper Networks Junos OS allowing an attacker to crash the srxpfe process causing a Denial of Service (DoS) through the use of specific maintenance commands. The srxpfe process restarts automatically but continuous execution of the commands could lead to an extended Denial of Service condition. This issue only affects the SRX1500 SRX4100 SRX4200 NFX150 NFX250 and vSRX-based platforms. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D220 on SRX1500 SRX4100 SRX4200 vSRX; 17.4 versions prior to 17.4R3-S3 on SRX1500 SRX4100 SRX4200 vSRX; 18.1 versions prior to 18.1R3-S11 on SRX1500 SRX4100 SRX4200 vSRX NFX150; 18.2 versions prior to 18.2R3-S5 on SRX1500 SRX4100 SRX4200 vSRX NFX150 NFX250; 18.3 versions prior to 18.3R2-S4 18.3R3-S3 on SRX1500 SRX4100 SRX4200 vSRX NFX150 NFX250; 18.4 versions prior to 18.4R2-S5 18.4R3-S4 on SRX1500 SRX4100 SRX4200 vSRX NFX150 NFX250; 19.1 versions prior to 19.1R3-S2 on SRX1500 SRX4100 SRX4200 vSRX NFX150 NFX250; 19.2 versions prior to 19.2R1-S5 19.2R3 on SRX1500 SRX4100 SRX4200 vSRX NFX150 NFX250. This issue does not affect Junos OS 19.3 or any subsequent version.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Reference

https://kb.juniper.net/JSA11079

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

5.5