PT-2020-1557 · Juniper Networks · Junos

Published

2020-01-08

·

Updated

2021-11-18

·

CVE-2020-1604

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Junos OS versions prior to 14.1X53-D12 on QFX5100 Series and EX4600 Series Junos OS versions prior to 14.1X53-D52 on QFX3500 Series Junos OS versions prior to 14.1X53-D48 on EX4300 Series Junos OS versions prior to 15.1R7-S3 on EX4300 Series Junos OS versions prior to 16.1R7 on EX4300 Series Junos OS versions prior to 17.1R3 on EX4300 Series Junos OS versions prior to 17.2R3 on EX4300 Series Junos OS versions prior to 17.3R2-S5, 17.3R3 on EX4300 Series Junos OS versions prior to 17.4R2 on EX4300 Series Junos OS versions prior to 18.1R3 on EX4300 Series Junos OS versions prior to 18.2R2 on EX4300 Series
Description A vulnerability in the IP firewall filter component may cause the firewall filter evaluation of certain packets to fail. This issue only affects firewall filter evaluation of certain packets destined to the device Routing Engine (RE). The issue does not affect the Layer 2 firewall filter evaluation nor does it affect the Layer 3 firewall filter evaluation destined to connected hosts. The issue may occur when evaluating both IPv4 or IPv6 packets. The vulnerability exists due to insufficient input validation, which can be exploited by a remote attacker to impact data integrity and confidentiality.
Recommendations For Junos OS versions prior to 14.1X53-D12 on QFX5100 Series and EX4600 Series, update to version 14.1X53-D12 or later. For Junos OS versions prior to 14.1X53-D52 on QFX3500 Series, update to version 14.1X53-D52 or later. For Junos OS versions prior to 14.1X53-D48 on EX4300 Series, update to version 14.1X53-D48 or later. For Junos OS versions prior to 15.1R7-S3 on EX4300 Series, update to version 15.1R7-S3 or later. For Junos OS versions prior to 16.1R7 on EX4300 Series, update to version 16.1R7 or later. For Junos OS versions prior to 17.1R3 on EX4300 Series, update to version 17.1R3 or later. For Junos OS versions prior to 17.2R3 on EX4300 Series, update to version 17.2R3 or later. For Junos OS versions prior to 17.3R2-S5, 17.3R3 on EX4300 Series, update to version 17.3R2-S5, 17.3R3 or later. For Junos OS versions prior to 17.4R2 on EX4300 Series, update to version 17.4R2 or later. For Junos OS versions prior to 18.1R3 on EX4300 Series, update to version 18.1R3 or later. For Junos OS versions prior to 18.2R2 on EX4300 Series, update to version 18.2R2 or later.

Fix

Improper Access Control

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-20

Related Identifiers

BDU:2020-00556
CVE-2020-1604

Affected Products

Junos