Lucene search

JuniperCVE-2020-1683

HistoryOct 16, 2020 - 9:15 p.m.

CVE-2020-1683

2020-10-1621:15:14

CWE-401

juniper

web.nvd.nist.gov

juniper

networks

junos os

snmp

oid

memory leak

kernel crash

ssh

vulnerability

cve-2020-1683

nvd

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

42.5%

JSON

On Juniper Networks Junos OS devices, a specific SNMP OID poll causes a memory leak which over time leads to a kernel crash (vmcore). Prior to the kernel crash other processes might be impacted, such as failure to establish SSH connection to the device. The administrator can monitor the output of the following command to check if there is memory leak caused by this issue: user@device> show system virtual-memory | match “pfe_ipc|kmem” pfe_ipc 147 5K - 164352 16,32,64,8192 <– increasing vm.kmem_map_free: 127246336 <– decreasing pfe_ipc 0 0K - 18598 32,8192 vm.kmem_map_free: 134582272 This issue affects Juniper Networks Junos OS: 17.4R3; 18.1 version 18.1R3-S5 and later versions prior to 18.1R3-S10; 18.2 version 18.2R3 and later versions prior to 18.2R3-S3; 18.2X75 version 18.2X75-D420, 18.2X75-D50 and later versions prior to 18.2X75-D430, 18.2X75-D53, 18.2X75-D60; 18.3 version 18.3R3 and later versions prior to 18.3R3-S2; 18.4 version 18.4R1-S4, 18.4R2 and later versions prior to 18.4R2-S5, 18.4R3-S1; 19.1 version 19.1R2 and later versions prior to 19.1R2-S2, 19.1R3; 19.2 version 19.2R1 and later versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS prior to 17.4R3.

Affected configurations

Nvd

Node

juniperjunosMatch17.4r3

juniperjunosMatch18.1r3-s5

juniperjunosMatch18.1r3-s6

juniperjunosMatch18.1r3-s7

juniperjunosMatch18.1r3-s8

juniperjunosMatch18.1r3-s9

juniperjunosMatch18.2r3

juniperjunosMatch18.2r3-s1

juniperjunosMatch18.2r3-s2

juniperjunosMatch18.2x75-

juniperjunosMatch18.2x75d12

juniperjunosMatch18.2x75d20

juniperjunosMatch18.2x75d30

juniperjunosMatch18.2x75d40

juniperjunosMatch18.2x75d411

juniperjunosMatch18.2x75d51

juniperjunosMatch18.3r3

juniperjunosMatch18.3r3-s1

juniperjunosMatch18.4r1-s4

juniperjunosMatch18.4r2

juniperjunosMatch18.4r2-s1

juniperjunosMatch18.4r2-s2

juniperjunosMatch18.4r2-s3

juniperjunosMatch18.4r2-s4

juniperjunosMatch18.4r3

juniperjunosMatch19.1r2

juniperjunosMatch19.1r2-s1

juniperjunosMatch19.2r1

juniperjunosMatch19.2r1-s1

juniperjunosMatch19.2r1-s2

juniperjunosMatch19.2r1-s3

juniperjunosMatch19.2r1-s4

juniperjunosMatch19.3-

juniperjunosMatch19.3r1

juniperjunosMatch19.3r1-s1

juniperjunosMatch19.3r2

juniperjunosMatch19.3r2-s1

juniperjunosMatch19.3r2-s2

juniperjunosMatch19.3r2-s3

juniperjunosMatch19.3r2-s4

juniperjunosMatch19.4r1

juniperjunosMatch19.4r1-s1

juniperjunosMatch19.4r1-s2

VendorProductVersionCPE
juniperjunos17.4cpe:2.3:o:juniper:junos:17.4:r3:*:*:*:*:*:*
juniperjunos18.1cpe:2.3:o:juniper:junos:18.1:r3-s5:*:*:*:*:*:*
juniperjunos18.1cpe:2.3:o:juniper:junos:18.1:r3-s6:*:*:*:*:*:*
juniperjunos18.1cpe:2.3:o:juniper:junos:18.1:r3-s7:*:*:*:*:*:*
juniperjunos18.1cpe:2.3:o:juniper:junos:18.1:r3-s8:*:*:*:*:*:*
juniperjunos18.1cpe:2.3:o:juniper:junos:18.1:r3-s9:*:*:*:*:*:*
juniperjunos18.2cpe:2.3:o:juniper:junos:18.2:r3:*:*:*:*:*:*
juniperjunos18.2cpe:2.3:o:juniper:junos:18.2:r3-s1:*:*:*:*:*:*
juniperjunos18.2cpe:2.3:o:juniper:junos:18.2:r3-s2:*:*:*:*:*:*
juniperjunos18.2x75cpe:2.3:o:juniper:junos:18.2x75:-:*:*:*:*:*:*

Vendor	Product	Version	CPE
juniper	junos	17.4	cpe:2.3:o:juniper:junos:17.4:r3::::::
juniper	junos	18.1	cpe:2.3:o:juniper:junos:18.1:r3-s5::::::
juniper	junos	18.1	cpe:2.3:o:juniper:junos:18.1:r3-s6::::::
juniper	junos	18.1	cpe:2.3:o:juniper:junos:18.1:r3-s7::::::
juniper	junos	18.1	cpe:2.3:o:juniper:junos:18.1:r3-s8::::::
juniper	junos	18.1	cpe:2.3:o:juniper:junos:18.1:r3-s9::::::
juniper	junos	18.2	cpe:2.3:o:juniper:junos:18.2:r3::::::
juniper	junos	18.2	cpe:2.3:o:juniper:junos:18.2:r3-s1::::::
juniper	junos	18.2	cpe:2.3:o:juniper:junos:18.2:r3-s2::::::
juniper	junos	18.2x75	cpe:2.3:o:juniper:junos:18.2x75:-::::::

Rows per page:

1-10 of 431

CNA Affected

[
  {
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "status": "affected",
        "version": "17.4R3"
      },
      {
        "lessThan": "17.4R3",
        "status": "unaffected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "18.1R3-S10",
            "status": "unaffected"
          }
        ],
        "lessThan": "18.1*",
        "status": "affected",
        "version": "18.1R3-S5",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "18.2R3-S3",
            "status": "unaffected"
          }
        ],
        "lessThan": "18.2*",
        "status": "affected",
        "version": "18.2R3",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "18.2X75-D430, 18.2X75-D53, 18.2X75-D60",
            "status": "unaffected"
          }
        ],
        "lessThan": "18.2X75*",
        "status": "affected",
        "version": "18.2X75-D420, 18.2X75-D50",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "18.3R3-S2",
            "status": "unaffected"
          }
        ],
        "lessThan": "18.3*",
        "status": "affected",
        "version": "18.3R3",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "18.4R2-S5, 18.4R3-S1",
            "status": "unaffected"
          }
        ],
        "lessThan": "18.4*",
        "status": "affected",
        "version": "18.4R1-S4, 18.4R2",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "19.1R2-S2, 19.1R3",
            "status": "unaffected"
          }
        ],
        "lessThan": "19.1*",
        "status": "affected",
        "version": "19.1R2",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "19.2R1-S5, 19.2R2",
            "status": "unaffected"
          }
        ],
        "lessThan": "19.2*",
        "status": "affected",
        "version": "19.2R1",
        "versionType": "custom"
      },
      {
        "lessThan": "19.3R2-S5, 19.3R3",
        "status": "affected",
        "version": "19.3",
        "versionType": "custom"
      },
      {
        "lessThan": "19.4R1-S3, 19.4R2",
        "status": "affected",
        "version": "19.4",
        "versionType": "custom"
      }
    ]
  }
]

References

kb.juniper.net/JSA11080

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

42.5%

JSON

Related for CVE-2020-1683