Lucene search

[email protected]CVE-2020-1628

HistoryApr 08, 2020 - 8:15 p.m.

CVE-2020-1628

2020-04-0820:15:14

CWE-200

[email protected]

web.nvd.nist.gov

juniper networks

junos os

ex4300

cve-2020-1628

information exposure

vulnerability

nvd

security

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.1%

JSON

Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an EX4300 switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading to an information exposure vulnerability. This issue affects Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D53 on EX4300; 15.1 versions prior to 15.1R7-S6 on EX4300; 15.1X49 versions prior to 15.1X49-D200, 15.1X49-D210 on EX4300; 16.1 versions prior to 16.1R7-S7 on EX4300; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2 on EX4300; 17.2 versions prior to 17.2R3-S3 on EX4300; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7 on EX4300; 17.4 versions prior to 17.4R2-S9, 17.4R3 on EX4300; 18.1 versions prior to 18.1R3-S8 on EX4300; 18.2 versions prior to 18.2R3-S2 on EX4300; 18.3 versions prior to 18.3R2-S3, 18.3R3, 18.3R3-S1 on EX4300; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3 on EX4300; 19.1 versions prior to 19.1R1-S4, 19.1R2 on EX4300; 19.2 versions prior to 19.2R1-S4, 19.2R2 on EX4300; 19.3 versions prior to 19.3R1-S1, 19.3R2 on EX4300.

Affected configurations

NVD

Node

juniperjunosMatch14.1x53-

juniperjunosMatch14.1x53d10

juniperjunosMatch14.1x53d15

juniperjunosMatch14.1x53d16

juniperjunosMatch14.1x53d25

juniperjunosMatch14.1x53d26

juniperjunosMatch14.1x53d27

juniperjunosMatch14.1x53d30

juniperjunosMatch14.1x53d35

juniperjunosMatch14.1x53d40

juniperjunosMatch14.1x53d42

juniperjunosMatch14.1x53d43

juniperjunosMatch14.1x53d44

juniperjunosMatch14.1x53d45

juniperjunosMatch14.1x53d48

juniperjunosMatch14.1x53d50

juniperjunosMatch14.1x53d51

juniperjunosMatch15.1-

juniperjunosMatch15.1a1

juniperjunosMatch15.1f

juniperjunosMatch15.1f1

juniperjunosMatch15.1f2

juniperjunosMatch15.1f2-s1

juniperjunosMatch15.1f2-s2

juniperjunosMatch15.1f2-s3

juniperjunosMatch15.1f2-s4

juniperjunosMatch15.1f3

juniperjunosMatch15.1f4

juniperjunosMatch15.1f5

juniperjunosMatch15.1f5-s7

juniperjunosMatch15.1f6

juniperjunosMatch15.1f6-s1

juniperjunosMatch15.1f6-s12

juniperjunosMatch15.1f6-s2

juniperjunosMatch15.1f6-s3

juniperjunosMatch15.1f6-s4

juniperjunosMatch15.1f6-s7

juniperjunosMatch15.1f7

juniperjunosMatch15.1r1

juniperjunosMatch15.1r2

juniperjunosMatch15.1r3

juniperjunosMatch15.1r4

juniperjunosMatch15.1r4-s7

juniperjunosMatch15.1r4-s8

juniperjunosMatch15.1r4-s9

juniperjunosMatch15.1r5

juniperjunosMatch15.1r5-s1

juniperjunosMatch15.1r5-s5

juniperjunosMatch15.1r5-s6

juniperjunosMatch15.1r6

juniperjunosMatch15.1r6-s1

juniperjunosMatch15.1r6-s2

juniperjunosMatch15.1r6-s6

juniperjunosMatch15.1r7

juniperjunosMatch15.1r7-s1

juniperjunosMatch15.1r7-s2

juniperjunosMatch15.1r7-s3

juniperjunosMatch15.1r7-s4

juniperjunosMatch15.1r7-s5

juniperjunosMatch15.1x49-

juniperjunosMatch15.1x49d10

juniperjunosMatch15.1x49d100

juniperjunosMatch15.1x49d110

juniperjunosMatch15.1x49d120

juniperjunosMatch15.1x49d130

juniperjunosMatch15.1x49d140

juniperjunosMatch15.1x49d15

juniperjunosMatch15.1x49d150

juniperjunosMatch15.1x49d160

juniperjunosMatch15.1x49d170

juniperjunosMatch15.1x49d180

juniperjunosMatch15.1x49d190

juniperjunosMatch15.1x49d20

juniperjunosMatch15.1x49d25

juniperjunosMatch15.1x49d30

juniperjunosMatch15.1x49d35

juniperjunosMatch15.1x49d40

juniperjunosMatch15.1x49d45

juniperjunosMatch15.1x49d50

juniperjunosMatch15.1x49d55

juniperjunosMatch15.1x49d60

juniperjunosMatch15.1x49d65

juniperjunosMatch15.1x49d70

juniperjunosMatch15.1x49d75

juniperjunosMatch15.1x49d80

juniperjunosMatch15.1x49d90

juniperjunosMatch16.1-

juniperjunosMatch16.1r1

juniperjunosMatch16.1r2

juniperjunosMatch16.1r3

juniperjunosMatch16.1r3-s10

juniperjunosMatch16.1r3-s11

juniperjunosMatch16.1r4

juniperjunosMatch16.1r4-s12

juniperjunosMatch16.1r4-s2

juniperjunosMatch16.1r4-s3

juniperjunosMatch16.1r4-s4

juniperjunosMatch16.1r4-s6

juniperjunosMatch16.1r5

juniperjunosMatch16.1r5-s4

juniperjunosMatch16.1r6-s1

juniperjunosMatch16.1r6-s6

juniperjunosMatch16.1r7

juniperjunosMatch16.1r7-s2

juniperjunosMatch16.1r7-s3

juniperjunosMatch16.1r7-s4

juniperjunosMatch16.1r7-s5

juniperjunosMatch16.1r7-s6

juniperjunosMatch17.1-

juniperjunosMatch17.1r1

juniperjunosMatch17.1r2

juniperjunosMatch17.1r2-s1

juniperjunosMatch17.1r2-s10

juniperjunosMatch17.1r2-s2

juniperjunosMatch17.1r2-s3

juniperjunosMatch17.1r2-s4

juniperjunosMatch17.1r2-s5

juniperjunosMatch17.1r2-s6

juniperjunosMatch17.1r2-s7

juniperjunosMatch17.1r2-s8

juniperjunosMatch17.1r2-s9

juniperjunosMatch17.1r3

juniperjunosMatch17.1r3-s1

juniperjunosMatch17.2-

juniperjunosMatch17.2r1

juniperjunosMatch17.2r1-s1

juniperjunosMatch17.2r1-s2

juniperjunosMatch17.2r1-s3

juniperjunosMatch17.2r1-s4

juniperjunosMatch17.2r1-s5

juniperjunosMatch17.2r1-s7

juniperjunosMatch17.2r1-s8

juniperjunosMatch17.2r2

juniperjunosMatch17.2r2-s6

juniperjunosMatch17.2r2-s7

juniperjunosMatch17.2r3-s1

juniperjunosMatch17.2r3-s2

juniperjunosMatch17.3-

juniperjunosMatch17.3r1-s1

juniperjunosMatch17.3r2

juniperjunosMatch17.3r2-s1

juniperjunosMatch17.3r2-s2

juniperjunosMatch17.3r2-s3

juniperjunosMatch17.3r2-s4

juniperjunosMatch17.3r3-

juniperjunosMatch17.3r3-s1

juniperjunosMatch17.3r3-s2

juniperjunosMatch17.3r3-s3

juniperjunosMatch17.3r3-s4

juniperjunosMatch17.3r3-s5

juniperjunosMatch17.3r3-s6

juniperjunosMatch17.4-

juniperjunosMatch17.4r1

juniperjunosMatch17.4r1-s1

juniperjunosMatch17.4r1-s2

juniperjunosMatch17.4r1-s4

juniperjunosMatch17.4r1-s5

juniperjunosMatch17.4r1-s6

juniperjunosMatch17.4r1-s7

juniperjunosMatch17.4r2

juniperjunosMatch17.4r2-s1

juniperjunosMatch17.4r2-s2

juniperjunosMatch17.4r2-s3

juniperjunosMatch17.4r2-s4

juniperjunosMatch17.4r2-s5

juniperjunosMatch17.4r2-s6

juniperjunosMatch17.4r2-s7

juniperjunosMatch17.4r2-s8

juniperjunosMatch18.1-

juniperjunosMatch18.1r2

juniperjunosMatch18.1r2-s1

juniperjunosMatch18.1r2-s2

juniperjunosMatch18.1r2-s4

juniperjunosMatch18.1r3

juniperjunosMatch18.1r3-s1

juniperjunosMatch18.1r3-s2

juniperjunosMatch18.1r3-s3

juniperjunosMatch18.1r3-s4

juniperjunosMatch18.1r3-s6

juniperjunosMatch18.1r3-s7

juniperjunosMatch18.2-

juniperjunosMatch18.2r1-s3

juniperjunosMatch18.2r1-s5

juniperjunosMatch18.2r2-s1

juniperjunosMatch18.2r2-s2

juniperjunosMatch18.2r2-s3

juniperjunosMatch18.2r2-s4

juniperjunosMatch18.2r2-s5

juniperjunosMatch18.2r2-s6

juniperjunosMatch18.2r3

juniperjunosMatch18.2r3-s1

juniperjunosMatch18.3-

juniperjunosMatch18.3r1

juniperjunosMatch18.3r1-s1

juniperjunosMatch18.3r1-s2

juniperjunosMatch18.3r1-s3

juniperjunosMatch18.3r1-s5

juniperjunosMatch18.3r2

juniperjunosMatch18.3r2-s1

juniperjunosMatch18.3r2-s2

juniperjunosMatch18.3r3

juniperjunosMatch18.4-

juniperjunosMatch18.4r1

juniperjunosMatch18.4r1-s1

juniperjunosMatch18.4r1-s2

juniperjunosMatch18.4r1-s3

juniperjunosMatch18.4r1-s4

juniperjunosMatch18.4r2

juniperjunosMatch18.4r2-s1

juniperjunosMatch18.4r2-s2

juniperjunosMatch19.1-

juniperjunosMatch19.1r1

juniperjunosMatch19.1r1-s1

juniperjunosMatch19.1r1-s2

juniperjunosMatch19.1r1-s3

juniperjunosMatch19.2-

juniperjunosMatch19.2r1

juniperjunosMatch19.2r1-s1

juniperjunosMatch19.2r1-s2

juniperjunosMatch19.2r1-s3

juniperjunosMatch19.3r1

AND

juniperex4300Match-

CPENameOperatorVersion
juniper:junosjuniper junoseq14.1x53
juniper:junosjuniper junoseq15.1
juniper:junosjuniper junoseq15.1x49
juniper:junosjuniper junoseq16.1
juniper:junosjuniper junoseq17.1
juniper:junosjuniper junoseq17.2
juniper:junosjuniper junoseq17.3
juniper:junosjuniper junoseq17.4
juniper:junosjuniper junoseq18.1
juniper:junosjuniper junoseq18.2

CPE	Name	Operator	Version
juniper:junos	juniper junos	eq	14.1x53
juniper:junos	juniper junos	eq	15.1
juniper:junos	juniper junos	eq	15.1x49
juniper:junos	juniper junos	eq	16.1
juniper:junos	juniper junos	eq	17.1
juniper:junos	juniper junos	eq	17.2
juniper:junos	juniper junos	eq	17.3
juniper:junos	juniper junos	eq	17.4
juniper:junos	juniper junos	eq	18.1
juniper:junos	juniper junos	eq	18.2

Rows per page:

1-10 of 151

CNA Affected

[
  {
    "platforms": [
      "EX4300"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "14.1X53-D53",
        "status": "affected",
        "version": "14.1X53",
        "versionType": "custom"
      },
      {
        "lessThan": "15.1R7-S6",
        "status": "affected",
        "version": "15.1",
        "versionType": "custom"
      },
      {
        "lessThan": "15.1X49-D200, 15.1X49-D210",
        "status": "affected",
        "version": "15.1X49",
        "versionType": "custom"
      },
      {
        "lessThan": "16.1R7-S7",
        "status": "affected",
        "version": "16.1",
        "versionType": "custom"
      },
      {
        "lessThan": "17.1R2-S11, 17.1R3-S2",
        "status": "affected",
        "version": "17.1",
        "versionType": "custom"
      },
      {
        "lessThan": "17.2R3-S3",
        "status": "affected",
        "version": "17.2",
        "versionType": "custom"
      },
      {
        "lessThan": "17.3R2-S5, 17.3R3-S7",
        "status": "affected",
        "version": "17.3",
        "versionType": "custom"
      },
      {
        "lessThan": "17.4R2-S9, 17.4R3",
        "status": "affected",
        "version": "17.4",
        "versionType": "custom"
      },
      {
        "lessThan": "18.1R3-S8",
        "status": "affected",
        "version": "18.1",
        "versionType": "custom"
      },
      {
        "lessThan": "18.2R3-S2",
        "status": "affected",
        "version": "18.2",
        "versionType": "custom"
      },
      {
        "lessThan": "18.3R2-S3, 18.3R3, 18.3R3-S1",
        "status": "affected",
        "version": "18.3",
        "versionType": "custom"
      },
      {
        "lessThan": "18.4R1-S5, 18.4R2-S3, 18.4R3",
        "status": "affected",
        "version": "18.4",
        "versionType": "custom"
      },
      {
        "lessThan": "19.1R1-S4, 19.1R2",
        "status": "affected",
        "version": "19.1",
        "versionType": "custom"
      },
      {
        "lessThan": "19.2R1-S4, 19.2R2",
        "status": "affected",
        "version": "19.2",
        "versionType": "custom"
      },
      {
        "lessThan": "19.3R1-S1, 19.3R2",
        "status": "affected",
        "version": "19.3",
        "versionType": "custom"
      }
    ]
  }
]

References

kb.juniper.net/JSA11008

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.1%

JSON

Related for CVE-2020-1628

prion1 nessus1 cvelist1 nvd1