cvelistv5 - cve-2020-1616

CVE-2020-1616 (GCVE-0-2020-1616)

Vulnerability from cvelistv5 – Published: 2020-04-08 19:25 – Updated: 2024-09-17 00:01

Summary

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

Brute-force password attack
CWE-307 - Improper Restriction of Excessive Authentication Attempts
Insufficient Server-side login attempt limit enforcement

Assigner

juniper

References

URL

Tags

https://kb.juniper.net/JSA10999

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Juniper Networks	JATP	Affected: unspecified , < 5.0.6.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:46:29.976Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10999"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "JATP Series, vJATP"
          ],
          "product": "JATP",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "5.0.6.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-04-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. Successful exploitation will allow the attacker to perform brute-force password attacks on the SSH service. This issue affects: Juniper Networks JATP and vJATP versions prior to 5.0.6.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Brute-force password attack",
              "lang": "en",
              "type": "text"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-307",
              "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Insufficient Server-side login attempt limit enforcement",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-08T19:25:53",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.juniper.net/JSA10999"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: JATP-OS All-In-One version 5.0.6.0 and subsequent releases, and JATP-OS Core 5.0.6.0 and subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA10999",
        "defect": [
          "1365233"
        ],
        "discovery": "INTERNAL"
      },
      "title": "JATP Series: JATP Is susceptible to slow brute force attacks on the SSH service.",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no known workarounds for this issue.  \nUtilize common security BCPs to limit the exploitable surface by limiting access to network and device to trusted systems, administrators, networks and hosts."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2020-04-08T13:00:00.000Z",
          "ID": "CVE-2020-1616",
          "STATE": "PUBLIC",
          "TITLE": "JATP Series: JATP Is susceptible to slow brute force attacks on the SSH service."
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "JATP",
                      "version": {
                        "version_data": [
                          {
                            "platform": "JATP Series, vJATP",
                            "version_affected": "\u003c",
                            "version_value": "5.0.6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. Successful exploitation will allow the attacker to perform brute-force password attacks on the SSH service. This issue affects: Juniper Networks JATP and vJATP versions prior to 5.0.6.0."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Brute-force password attack"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-307 Improper Restriction of Excessive Authentication Attempts"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insufficient Server-side login attempt limit enforcement"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10999",
              "refsource": "MISC",
              "url": "https://kb.juniper.net/JSA10999"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue: JATP-OS All-In-One version 5.0.6.0 and subsequent releases, and JATP-OS Core 5.0.6.0 and subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA10999",
          "defect": [
            "1365233"
          ],
          "discovery": "INTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "There are no known workarounds for this issue.  \nUtilize common security BCPs to limit the exploitable surface by limiting access to network and device to trusted systems, administrators, networks and hosts."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2020-1616",
    "datePublished": "2020-04-08T19:25:53.879616Z",
    "dateReserved": "2019-11-04T00:00:00",
    "dateUpdated": "2024-09-17T00:01:04.711Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:advanced_threat_protection:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.0.6.0\", \"matchCriteriaId\": \"ABA62963-4CFB-4CA6-B1CA-CB0E77E74C22\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:virtual_advanced_threat_protection:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.0.6.0\", \"matchCriteriaId\": \"C8718655-FD12-40BE-A9C6-AC649C66FAB9\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. Successful exploitation will allow the attacker to perform brute-force password attacks on the SSH service. This issue affects: Juniper Networks JATP and vJATP versions prior to 5.0.6.0.\"}, {\"lang\": \"es\", \"value\": \"Debido a la insuficiente aplicaci\\u00f3n del l\\u00edmite del intento de inicio de sesi\\u00f3n del lado del servidor, una vulnerabilidad en el servicio de inicio de sesi\\u00f3n SSH de los dispositivos Juniper Networks Juniper Advanced Threat Prevention (JATP) Series y Virtual JATP (vJATP), permite a un atacante remoto no autenticado llevar a cabo m\\u00faltiples intentos de inicio de sesi\\u00f3n que exceden el l\\u00edmite de intento de inicio de sesi\\u00f3n configurado. Una explotaci\\u00f3n con \\u00e9xito permitir\\u00e1 al atacante realizar ataques de contrase\\u00f1a de fuerza bruta en el servicio SSH. Este problema afecta: JATP y vJATP de Juniper Networks versiones anteriores a 5.0.6.0.\"}]",
      "id": "CVE-2020-1616",
      "lastModified": "2024-11-21T05:11:00.190",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"sirt@juniper.net\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-04-08T20:15:13.247",
      "references": "[{\"url\": \"https://kb.juniper.net/JSA10999\", \"source\": \"sirt@juniper.net\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://kb.juniper.net/JSA10999\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "sirt@juniper.net",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"sirt@juniper.net\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-307\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-307\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-1616\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2020-04-08T20:15:13.247\",\"lastModified\":\"2024-11-21T05:11:00.190\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. Successful exploitation will allow the attacker to perform brute-force password attacks on the SSH service. This issue affects: Juniper Networks JATP and vJATP versions prior to 5.0.6.0.\"},{\"lang\":\"es\",\"value\":\"Debido a la insuficiente aplicaci\u00f3n del l\u00edmite del intento de inicio de sesi\u00f3n del lado del servidor, una vulnerabilidad en el servicio de inicio de sesi\u00f3n SSH de los dispositivos Juniper Networks Juniper Advanced Threat Prevention (JATP) Series y Virtual JATP (vJATP), permite a un atacante remoto no autenticado llevar a cabo m\u00faltiples intentos de inicio de sesi\u00f3n que exceden el l\u00edmite de intento de inicio de sesi\u00f3n configurado. Una explotaci\u00f3n con \u00e9xito permitir\u00e1 al atacante realizar ataques de contrase\u00f1a de fuerza bruta en el servicio SSH. Este problema afecta: JATP y vJATP de Juniper Networks versiones anteriores a 5.0.6.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-307\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-307\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:advanced_threat_protection:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.0.6.0\",\"matchCriteriaId\":\"ABA62963-4CFB-4CA6-B1CA-CB0E77E74C22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:virtual_advanced_threat_protection:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.0.6.0\",\"matchCriteriaId\":\"C8718655-FD12-40BE-A9C6-AC649C66FAB9\"}]}]}],\"references\":[{\"url\":\"https://kb.juniper.net/JSA10999\",\"source\":\"sirt@juniper.net\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://kb.juniper.net/JSA10999\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2020-1616

Vulnerability from fkie_nvd - Published: 2020-04-08 20:15 - Updated: 2024-11-21 05:11

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

References

	URL	Tags
	sirt@juniper.net	https://kb.juniper.net/JSA10999	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://kb.juniper.net/JSA10999	Vendor Advisory

Impacted products

	Vendor	Product	Version
	juniper	advanced_threat_protection	*
	juniper	virtual_advanced_threat_protection	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:juniper:advanced_threat_protection:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABA62963-4CFB-4CA6-B1CA-CB0E77E74C22",
              "versionEndExcluding": "5.0.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:juniper:virtual_advanced_threat_protection:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8718655-FD12-40BE-A9C6-AC649C66FAB9",
              "versionEndExcluding": "5.0.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. Successful exploitation will allow the attacker to perform brute-force password attacks on the SSH service. This issue affects: Juniper Networks JATP and vJATP versions prior to 5.0.6.0."
    },
    {
      "lang": "es",
      "value": "Debido a la insuficiente aplicaci\u00f3n del l\u00edmite del intento de inicio de sesi\u00f3n del lado del servidor, una vulnerabilidad en el servicio de inicio de sesi\u00f3n SSH de los dispositivos Juniper Networks Juniper Advanced Threat Prevention (JATP) Series y Virtual JATP (vJATP), permite a un atacante remoto no autenticado llevar a cabo m\u00faltiples intentos de inicio de sesi\u00f3n que exceden el l\u00edmite de intento de inicio de sesi\u00f3n configurado. Una explotaci\u00f3n con \u00e9xito permitir\u00e1 al atacante realizar ataques de contrase\u00f1a de fuerza bruta en el servicio SSH. Este problema afecta: JATP y vJATP de Juniper Networks versiones anteriores a 5.0.6.0."
    }
  ],
  "id": "CVE-2020-1616",
  "lastModified": "2024-11-21T05:11:00.190",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "sirt@juniper.net",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-08T20:15:13.247",
  "references": [
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/JSA10999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/JSA10999"
    }
  ],
  "sourceIdentifier": "sirt@juniper.net",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-307"
        }
      ],
      "source": "sirt@juniper.net",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-307"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2020-1616

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-1616

Aliases

CVE-2020-1616

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-1616",
    "description": "Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. Successful exploitation will allow the attacker to perform brute-force password attacks on the SSH service. This issue affects: Juniper Networks JATP and vJATP versions prior to 5.0.6.0.",
    "id": "GSD-2020-1616"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-1616"
      ],
      "details": "Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. Successful exploitation will allow the attacker to perform brute-force password attacks on the SSH service. This issue affects: Juniper Networks JATP and vJATP versions prior to 5.0.6.0.",
      "id": "GSD-2020-1616",
      "modified": "2023-12-13T01:21:58.959245Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "sirt@juniper.net",
        "DATE_PUBLIC": "2020-04-08T13:00:00.000Z",
        "ID": "CVE-2020-1616",
        "STATE": "PUBLIC",
        "TITLE": "JATP Series: JATP Is susceptible to slow brute force attacks on the SSH service."
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "JATP",
                    "version": {
                      "version_data": [
                        {
                          "platform": "JATP Series, vJATP",
                          "version_affected": "\u003c",
                          "version_value": "5.0.6.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Juniper Networks"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. Successful exploitation will allow the attacker to perform brute-force password attacks on the SSH service. This issue affects: Juniper Networks JATP and vJATP versions prior to 5.0.6.0."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Brute-force password attack"
              }
            ]
          },
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-307 Improper Restriction of Excessive Authentication Attempts"
              }
            ]
          },
          {
            "description": [
              {
                "lang": "eng",
                "value": "Insufficient Server-side login attempt limit enforcement"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://kb.juniper.net/JSA10999",
            "refsource": "MISC",
            "url": "https://kb.juniper.net/JSA10999"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng",
          "value": "The following software releases have been updated to resolve this specific issue: JATP-OS All-In-One version 5.0.6.0 and subsequent releases, and JATP-OS Core 5.0.6.0 and subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA10999",
        "defect": [
          "1365233"
        ],
        "discovery": "INTERNAL"
      },
      "work_around": [
        {
          "lang": "eng",
          "value": "There are no known workarounds for this issue.  \nUtilize common security BCPs to limit the exploitable surface by limiting access to network and device to trusted systems, administrators, networks and hosts."
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:juniper:advanced_threat_protection:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.0.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:virtual_advanced_threat_protection:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.0.6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2020-1616"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. Successful exploitation will allow the attacker to perform brute-force password attacks on the SSH service. This issue affects: Juniper Networks JATP and vJATP versions prior to 5.0.6.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-307"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10999",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://kb.juniper.net/JSA10999"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2020-04-14T18:53Z",
      "publishedDate": "2020-04-08T20:15Z"
    }
  }
}

GHSA-7VPP-24RH-P2MV

Vulnerability from github – Published: 2022-05-24 17:13 – Updated: 2022-05-24 17:13

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-1616"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-08T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. Successful exploitation will allow the attacker to perform brute-force password attacks on the SSH service. This issue affects: Juniper Networks JATP and vJATP versions prior to 5.0.6.0.",
  "id": "GHSA-7vpp-24rh-p2mv",
  "modified": "2022-05-24T17:13:51Z",
  "published": "2022-05-24T17:13:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1616"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA10999"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2020-AVI-198

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	Junos OS Evolved	Junos OS Evolved 19.1R1-EVO, 19.2R1-EVO et 19.3R1-EVO
Owncloud	Core	JATP-OS All-In-One et JATP-OS Core versions antérieures à 5.0.6.0
N/A	N/A	Série NFX250 versions antérieures à 19.2R1
N/A	N/A	JSA versions antérieures à 7.3.2 Patch 5 et 7.3.3 Patch 1 FixPack 1
Juniper Networks	Junos OS	Junos OS versions antérieures à 12.1X46-D86, 12.3R12-S14, 12.3X48-D80, 12.3X48-D86, 12.3X48-D90, 12.3X48-D95, 14.1X53-D51, 14.1X53-D53, 15.1F6-S13, 15.1R7-S4, 15.1R7-S5, 15.1R7-S6, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X49-D200, 15.1X49-D210, 15.1X53-D238, 15.1X53-D497, 15.1X53-D592, 15.1X53-D593, 16.1R4-S13, 16.1R7-S4, 16.1R7-S6, 16.1R7-S7, 16.2R2-S10, 16.2R2-S11, 17.1R2-S11, 17.1R3, 17.1R3-S1, 17.1R3-S2, 17.2R1-S9, 17.2R2-S7, 17.2R2-S8, 17.2R3, 17.2R3-S3, 17.2X75-D102, 17.2X75-D105, 17.2X75-D110, 17.2X75-D44, 17.3R2-S5, 17.3R3-S5, 17.3R3-S6, 17.3R3-S7, 17.4R1-S8, 17.4R2, 17.4R2-S5, 17.4R2-S6, 17.4R2-S7, 17.4R2-S8, 17.4R2-S9, 17.4R3, 18.1R2-S4, 18.1R3, 18.1R3-S4, 18.1R3-S7, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S5, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S1, 18.2R3-S2, 18.2R3-S3, 18.2X75-D12, 18.2X75-D20, 18.2X75-D30, 18.2X75-D33, 18.2X75-D410, 18.2X75-D411, 18.2X75-D420, 18.2X75-D50, 18.2X75-D51, 18.2X75-D60, 18.3R1-S5, 18.3R1-S6, 18.3R1-S7, 18.3R2, 18.3R2-S1, 18.3R2-S2, 18.3R2-S3, 18.3R3, 18.3R3-S1, 18.4R1, 18.4R1-S4, 18.4R1-S5, 18.4R1-S6, 18.4R2, 18.4R2-S1, 18.4R2-S2, 18.4R2-S3, 18.4R3, 19.1R1, 19.1R1-S2, 19.1R1-S3, 19.1R1-S4, 19.1R2, 19.1R3, 19.2R1, 19.2R1-S1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R2, 19.3R1, 19.3R1-S1, 19.3R2, 19.3R3 et 19.4R1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA11004 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10997 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11002 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10994 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11003 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10998 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11010 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11013 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11009 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11016 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10999 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11014 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11006 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11008 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11005 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11001 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10996 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11007 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11000 du 08 avril 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos OS Evolved 19.1R1-EVO, 19.2R1-EVO et 19.3R1-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "JATP-OS All-In-One et JATP-OS Core versions ant\u00e9rieures \u00e0 5.0.6.0",
      "product": {
        "name": "Core",
        "vendor": {
          "name": "Owncloud",
          "scada": false
        }
      }
    },
    {
      "description": "S\u00e9rie NFX250 versions ant\u00e9rieures \u00e0 19.2R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "JSA versions ant\u00e9rieures \u00e0 7.3.2 Patch 5 et 7.3.3 Patch 1 FixPack 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 12.1X46-D86, 12.3R12-S14, 12.3X48-D80, 12.3X48-D86, 12.3X48-D90, 12.3X48-D95, 14.1X53-D51, 14.1X53-D53, 15.1F6-S13, 15.1R7-S4, 15.1R7-S5, 15.1R7-S6, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X49-D200, 15.1X49-D210, 15.1X53-D238, 15.1X53-D497, 15.1X53-D592, 15.1X53-D593, 16.1R4-S13, 16.1R7-S4, 16.1R7-S6, 16.1R7-S7, 16.2R2-S10, 16.2R2-S11, 17.1R2-S11, 17.1R3, 17.1R3-S1, 17.1R3-S2, 17.2R1-S9, 17.2R2-S7, 17.2R2-S8, 17.2R3, 17.2R3-S3, 17.2X75-D102, 17.2X75-D105, 17.2X75-D110, 17.2X75-D44, 17.3R2-S5, 17.3R3-S5, 17.3R3-S6, 17.3R3-S7, 17.4R1-S8, 17.4R2, 17.4R2-S5, 17.4R2-S6, 17.4R2-S7, 17.4R2-S8, 17.4R2-S9, 17.4R3, 18.1R2-S4, 18.1R3, 18.1R3-S4, 18.1R3-S7, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S5, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S1, 18.2R3-S2, 18.2R3-S3, 18.2X75-D12, 18.2X75-D20, 18.2X75-D30, 18.2X75-D33, 18.2X75-D410, 18.2X75-D411, 18.2X75-D420, 18.2X75-D50, 18.2X75-D51, 18.2X75-D60, 18.3R1-S5, 18.3R1-S6, 18.3R1-S7, 18.3R2, 18.3R2-S1, 18.3R2-S2, 18.3R2-S3, 18.3R3, 18.3R3-S1, 18.4R1, 18.4R1-S4, 18.4R1-S5, 18.4R1-S6, 18.4R2, 18.4R2-S1, 18.4R2-S2, 18.4R2-S3, 18.4R3, 19.1R1, 19.1R1-S2, 19.1R1-S3, 19.1R1-S4, 19.1R2, 19.1R3, 19.2R1, 19.2R1-S1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R2, 19.3R1, 19.3R1-S1, 19.3R2, 19.3R3 et 19.4R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-4556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4556"
    },
    {
      "name": "CVE-2019-11091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
    },
    {
      "name": "CVE-2020-1621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1621"
    },
    {
      "name": "CVE-2019-4509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4509"
    },
    {
      "name": "CVE-2019-4454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4454"
    },
    {
      "name": "CVE-2019-10173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10173"
    },
    {
      "name": "CVE-2020-1626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1626"
    },
    {
      "name": "CVE-2018-0739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
    },
    {
      "name": "CVE-2020-1627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1627"
    },
    {
      "name": "CVE-2020-1620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1620"
    },
    {
      "name": "CVE-2019-4581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4581"
    },
    {
      "name": "CVE-2019-11478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11478"
    },
    {
      "name": "CVE-2018-6918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6918"
    },
    {
      "name": "CVE-2018-1139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1139"
    },
    {
      "name": "CVE-2020-1615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1615"
    },
    {
      "name": "CVE-2018-11784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11784"
    },
    {
      "name": "CVE-2016-1285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1285"
    },
    {
      "name": "CVE-2020-1616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1616"
    },
    {
      "name": "CVE-2020-1618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1618"
    },
    {
      "name": "CVE-2018-10858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10858"
    },
    {
      "name": "CVE-2018-12130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
    },
    {
      "name": "CVE-2019-4470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4470"
    },
    {
      "name": "CVE-2013-7285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7285"
    },
    {
      "name": "CVE-2020-1632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1632"
    },
    {
      "name": "CVE-2020-1622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1622"
    },
    {
      "name": "CVE-2020-1634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1634"
    },
    {
      "name": "CVE-2018-6916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6916"
    },
    {
      "name": "CVE-2019-11479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11479"
    },
    {
      "name": "CVE-2020-1623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1623"
    },
    {
      "name": "CVE-2018-11237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11237"
    },
    {
      "name": "CVE-2020-1619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1619"
    },
    {
      "name": "CVE-2019-11477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11477"
    },
    {
      "name": "CVE-2019-0071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0071"
    },
    {
      "name": "CVE-2020-1629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1629"
    },
    {
      "name": "CVE-2020-1624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1624"
    },
    {
      "name": "CVE-2020-1625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1625"
    },
    {
      "name": "CVE-2018-0732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
    },
    {
      "name": "CVE-2020-1630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1630"
    },
    {
      "name": "CVE-2016-1286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1286"
    },
    {
      "name": "CVE-2018-12126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
    },
    {
      "name": "CVE-2019-1559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
    },
    {
      "name": "CVE-2019-4559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4559"
    },
    {
      "name": "CVE-2020-1613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1613"
    },
    {
      "name": "CVE-2020-1617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1617"
    },
    {
      "name": "CVE-2020-1614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1614"
    },
    {
      "name": "CVE-2020-1628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1628"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-198",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-04-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11004 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11004\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10997 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10997\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11002 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11002\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10994 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10994\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11003 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11003\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10998 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10998\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11010 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11010\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11013 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11013\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11009 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11009\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11016 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11016\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10999 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10999\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11014 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11014\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11006 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11006\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11008 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11008\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11005 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11005\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11001 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11001\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10996 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10996\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11007 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11007\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11000 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11000\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTFR-2020-AVI-198

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	Junos OS Evolved	Junos OS Evolved 19.1R1-EVO, 19.2R1-EVO et 19.3R1-EVO
Owncloud	Core	JATP-OS All-In-One et JATP-OS Core versions antérieures à 5.0.6.0
N/A	N/A	Série NFX250 versions antérieures à 19.2R1
N/A	N/A	JSA versions antérieures à 7.3.2 Patch 5 et 7.3.3 Patch 1 FixPack 1
Juniper Networks	Junos OS	Junos OS versions antérieures à 12.1X46-D86, 12.3R12-S14, 12.3X48-D80, 12.3X48-D86, 12.3X48-D90, 12.3X48-D95, 14.1X53-D51, 14.1X53-D53, 15.1F6-S13, 15.1R7-S4, 15.1R7-S5, 15.1R7-S6, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X49-D200, 15.1X49-D210, 15.1X53-D238, 15.1X53-D497, 15.1X53-D592, 15.1X53-D593, 16.1R4-S13, 16.1R7-S4, 16.1R7-S6, 16.1R7-S7, 16.2R2-S10, 16.2R2-S11, 17.1R2-S11, 17.1R3, 17.1R3-S1, 17.1R3-S2, 17.2R1-S9, 17.2R2-S7, 17.2R2-S8, 17.2R3, 17.2R3-S3, 17.2X75-D102, 17.2X75-D105, 17.2X75-D110, 17.2X75-D44, 17.3R2-S5, 17.3R3-S5, 17.3R3-S6, 17.3R3-S7, 17.4R1-S8, 17.4R2, 17.4R2-S5, 17.4R2-S6, 17.4R2-S7, 17.4R2-S8, 17.4R2-S9, 17.4R3, 18.1R2-S4, 18.1R3, 18.1R3-S4, 18.1R3-S7, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S5, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S1, 18.2R3-S2, 18.2R3-S3, 18.2X75-D12, 18.2X75-D20, 18.2X75-D30, 18.2X75-D33, 18.2X75-D410, 18.2X75-D411, 18.2X75-D420, 18.2X75-D50, 18.2X75-D51, 18.2X75-D60, 18.3R1-S5, 18.3R1-S6, 18.3R1-S7, 18.3R2, 18.3R2-S1, 18.3R2-S2, 18.3R2-S3, 18.3R3, 18.3R3-S1, 18.4R1, 18.4R1-S4, 18.4R1-S5, 18.4R1-S6, 18.4R2, 18.4R2-S1, 18.4R2-S2, 18.4R2-S3, 18.4R3, 19.1R1, 19.1R1-S2, 19.1R1-S3, 19.1R1-S4, 19.1R2, 19.1R3, 19.2R1, 19.2R1-S1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R2, 19.3R1, 19.3R1-S1, 19.3R2, 19.3R3 et 19.4R1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA11004 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10997 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11002 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10994 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11003 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10998 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11010 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11013 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11009 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11016 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10999 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11014 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11006 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11008 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11005 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11001 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10996 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11007 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11000 du 08 avril 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos OS Evolved 19.1R1-EVO, 19.2R1-EVO et 19.3R1-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "JATP-OS All-In-One et JATP-OS Core versions ant\u00e9rieures \u00e0 5.0.6.0",
      "product": {
        "name": "Core",
        "vendor": {
          "name": "Owncloud",
          "scada": false
        }
      }
    },
    {
      "description": "S\u00e9rie NFX250 versions ant\u00e9rieures \u00e0 19.2R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "JSA versions ant\u00e9rieures \u00e0 7.3.2 Patch 5 et 7.3.3 Patch 1 FixPack 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 12.1X46-D86, 12.3R12-S14, 12.3X48-D80, 12.3X48-D86, 12.3X48-D90, 12.3X48-D95, 14.1X53-D51, 14.1X53-D53, 15.1F6-S13, 15.1R7-S4, 15.1R7-S5, 15.1R7-S6, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X49-D200, 15.1X49-D210, 15.1X53-D238, 15.1X53-D497, 15.1X53-D592, 15.1X53-D593, 16.1R4-S13, 16.1R7-S4, 16.1R7-S6, 16.1R7-S7, 16.2R2-S10, 16.2R2-S11, 17.1R2-S11, 17.1R3, 17.1R3-S1, 17.1R3-S2, 17.2R1-S9, 17.2R2-S7, 17.2R2-S8, 17.2R3, 17.2R3-S3, 17.2X75-D102, 17.2X75-D105, 17.2X75-D110, 17.2X75-D44, 17.3R2-S5, 17.3R3-S5, 17.3R3-S6, 17.3R3-S7, 17.4R1-S8, 17.4R2, 17.4R2-S5, 17.4R2-S6, 17.4R2-S7, 17.4R2-S8, 17.4R2-S9, 17.4R3, 18.1R2-S4, 18.1R3, 18.1R3-S4, 18.1R3-S7, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S5, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S1, 18.2R3-S2, 18.2R3-S3, 18.2X75-D12, 18.2X75-D20, 18.2X75-D30, 18.2X75-D33, 18.2X75-D410, 18.2X75-D411, 18.2X75-D420, 18.2X75-D50, 18.2X75-D51, 18.2X75-D60, 18.3R1-S5, 18.3R1-S6, 18.3R1-S7, 18.3R2, 18.3R2-S1, 18.3R2-S2, 18.3R2-S3, 18.3R3, 18.3R3-S1, 18.4R1, 18.4R1-S4, 18.4R1-S5, 18.4R1-S6, 18.4R2, 18.4R2-S1, 18.4R2-S2, 18.4R2-S3, 18.4R3, 19.1R1, 19.1R1-S2, 19.1R1-S3, 19.1R1-S4, 19.1R2, 19.1R3, 19.2R1, 19.2R1-S1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R2, 19.3R1, 19.3R1-S1, 19.3R2, 19.3R3 et 19.4R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-4556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4556"
    },
    {
      "name": "CVE-2019-11091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
    },
    {
      "name": "CVE-2020-1621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1621"
    },
    {
      "name": "CVE-2019-4509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4509"
    },
    {
      "name": "CVE-2019-4454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4454"
    },
    {
      "name": "CVE-2019-10173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10173"
    },
    {
      "name": "CVE-2020-1626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1626"
    },
    {
      "name": "CVE-2018-0739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
    },
    {
      "name": "CVE-2020-1627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1627"
    },
    {
      "name": "CVE-2020-1620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1620"
    },
    {
      "name": "CVE-2019-4581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4581"
    },
    {
      "name": "CVE-2019-11478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11478"
    },
    {
      "name": "CVE-2018-6918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6918"
    },
    {
      "name": "CVE-2018-1139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1139"
    },
    {
      "name": "CVE-2020-1615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1615"
    },
    {
      "name": "CVE-2018-11784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11784"
    },
    {
      "name": "CVE-2016-1285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1285"
    },
    {
      "name": "CVE-2020-1616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1616"
    },
    {
      "name": "CVE-2020-1618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1618"
    },
    {
      "name": "CVE-2018-10858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10858"
    },
    {
      "name": "CVE-2018-12130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
    },
    {
      "name": "CVE-2019-4470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4470"
    },
    {
      "name": "CVE-2013-7285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7285"
    },
    {
      "name": "CVE-2020-1632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1632"
    },
    {
      "name": "CVE-2020-1622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1622"
    },
    {
      "name": "CVE-2020-1634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1634"
    },
    {
      "name": "CVE-2018-6916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6916"
    },
    {
      "name": "CVE-2019-11479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11479"
    },
    {
      "name": "CVE-2020-1623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1623"
    },
    {
      "name": "CVE-2018-11237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11237"
    },
    {
      "name": "CVE-2020-1619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1619"
    },
    {
      "name": "CVE-2019-11477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11477"
    },
    {
      "name": "CVE-2019-0071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0071"
    },
    {
      "name": "CVE-2020-1629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1629"
    },
    {
      "name": "CVE-2020-1624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1624"
    },
    {
      "name": "CVE-2020-1625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1625"
    },
    {
      "name": "CVE-2018-0732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
    },
    {
      "name": "CVE-2020-1630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1630"
    },
    {
      "name": "CVE-2016-1286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1286"
    },
    {
      "name": "CVE-2018-12126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
    },
    {
      "name": "CVE-2019-1559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
    },
    {
      "name": "CVE-2019-4559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4559"
    },
    {
      "name": "CVE-2020-1613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1613"
    },
    {
      "name": "CVE-2020-1617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1617"
    },
    {
      "name": "CVE-2020-1614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1614"
    },
    {
      "name": "CVE-2020-1628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1628"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-198",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-04-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11004 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11004\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10997 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10997\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11002 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11002\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10994 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10994\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11003 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11003\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10998 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10998\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11010 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11010\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11013 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11013\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11009 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11009\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11016 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11016\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10999 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10999\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11014 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11014\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11006 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11006\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11008 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11008\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11005 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11005\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11001 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11001\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10996 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10996\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11007 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11007\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11000 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11000\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

VAR-202004-0992

Vulnerability from variot - Updated: 2023-12-18 11:58

Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. Successful exploitation will allow the attacker to perform brute-force password attacks on the SSH service. This issue affects: Juniper Networks JATP and vJATP versions prior to 5.0.6.0. The vulnerability is due to the fact that the server-side program does not fully implement the limit on the number of requests. An attacker could exploit this vulnerability by sending a large number of login requests to obtain user credentials

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0992",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "virtual advanced threat protection",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "5.0.6.0"
      },
      {
        "model": "advanced threat protection",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "5.0.6.0"
      },
      {
        "model": "advanced threat prevention",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "5.0.6.0"
      },
      {
        "model": "virtual jatp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "5.0.6.0"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004014"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1616"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:juniper:advanced_threat_protection:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.0.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:juniper:virtual_advanced_threat_protection:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.0.6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-1616"
      }
    ]
  },
  "cve": "CVE-2020-1616",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-004014",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-169210",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-004014",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-1616",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "sirt@juniper.net",
            "id": "CVE-2020-1616",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-004014",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202004-511",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-169210",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-169210"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004014"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1616"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1616"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-511"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. Successful exploitation will allow the attacker to perform brute-force password attacks on the SSH service. This issue affects: Juniper Networks JATP and vJATP versions prior to 5.0.6.0. The vulnerability is due to the fact that the server-side program does not fully implement the limit on the number of requests. An attacker could exploit this vulnerability by sending a large number of login requests to obtain user credentials",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-1616"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004014"
      },
      {
        "db": "VULHUB",
        "id": "VHN-169210"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-1616",
        "trust": 2.5
      },
      {
        "db": "JUNIPER",
        "id": "JSA10999",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004014",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-511",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.1273",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-169210",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-169210"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004014"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1616"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-511"
      }
    ]
  },
  "id": "VAR-202004-0992",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-169210"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:58:30.022000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "JSA10999",
        "trust": 0.8,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10999\u0026actp=metadata"
      },
      {
        "title": "Juniper Networks JATP  and vJATP Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=113578"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004014"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-511"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-307",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-169210"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004014"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1616"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://kb.juniper.net/jsa10999"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1616"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1616"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.1273/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-169210"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004014"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1616"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-511"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-169210"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004014"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1616"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-511"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-169210"
      },
      {
        "date": "2020-05-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004014"
      },
      {
        "date": "2020-04-08T20:15:13.247000",
        "db": "NVD",
        "id": "CVE-2020-1616"
      },
      {
        "date": "2020-04-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-511"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-169210"
      },
      {
        "date": "2020-05-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-004014"
      },
      {
        "date": "2020-04-14T18:53:31.290000",
        "db": "NVD",
        "id": "CVE-2020-1616"
      },
      {
        "date": "2020-04-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202004-511"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-511"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Juniper Networks Juniper Advanced Threat Prevention Series and  Virtual JATP Vulnerability in improperly limiting excessive authentication attempts on devices",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-004014"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202004-511"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-1616 (GCVE-0-2020-1616)

FKIE_CVE-2020-1616

GSD-2020-1616

GHSA-7VPP-24RH-P2MV

CERTFR-2020-AVI-198

Solution

CERTFR-2020-AVI-198

Solution

VAR-202004-0992

Tags

Sightings

Nomenclature