github - ghsa-jwqg-fhhf-42x8

GHSA-JWQG-FHHF-42X8

Vulnerability from github – Published: 2022-05-24 17:23 – Updated: 2022-05-24 17:23

Details

On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, processing a malformed HTTP message can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) Continued processing of this malformed HTTP message may result in an extended Denial of Service (DoS) condition. The offending HTTP message that causes this issue may originate both from the HTTP server or the HTTP client. This issue affects Juniper Networks Junos OS on SRX Series: 18.1 versions prior to 18.1R3-S9 ; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3; 19.1 versions prior to 19.1R1-S5, 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2; 19.3 versions prior to 19.3R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-1654"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-07-17T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, processing a malformed HTTP message can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) Continued processing of this malformed HTTP message may result in an extended Denial of Service (DoS) condition. The offending HTTP message that causes this issue may originate both from the HTTP server or the HTTP client. This issue affects Juniper Networks Junos OS on SRX Series: 18.1 versions prior to 18.1R3-S9 ; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3; 19.1 versions prior to 19.1R1-S5, 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2; 19.3 versions prior to 19.3R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1.",
  "id": "GHSA-jwqg-fhhf-42x8",
  "modified": "2022-05-24T17:23:53Z",
  "published": "2022-05-24T17:23:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1654"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA11031"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2020-1654 (GCVE-0-2020-1654)

Vulnerability from cvelistv5 – Published: 2020-07-17 18:40 – Updated: 2024-09-16 17:32

Summary

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-120 - Buffer Overflow

Assigner

juniper

References

URL

Tags

https://kb.juniper.net/JSA11031

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Juniper Networks	Junos OS	Unaffected: 18.1 , < 18.1R1 (custom) Affected: 18.2 , < 18.2R2-S7, 18.2R3-S3 (custom) Affected: 18.3 , < 18.3R1-S7, 18.3R2-S4, 18.3R3-S1 (custom) Affected: 18.4 , < 18.4R1-S7, 18.4R2-S4, 18.4R3 (custom) Affected: 19.1 , < 19.1R1-S5, 19.1R2 (custom) Affected: 19.2 , < 19.2R1-S2, 19.2R2 (custom) Affected: 19.3 , < 19.3R2 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:46:29.745Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA11031"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "SRX Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "18.1R3-S9",
                  "status": "unaffected"
                }
              ],
              "lessThan": "18.1R1",
              "status": "unaffected",
              "version": "18.1",
              "versionType": "custom"
            },
            {
              "lessThan": "18.2R2-S7, 18.2R3-S3",
              "status": "affected",
              "version": "18.2",
              "versionType": "custom"
            },
            {
              "lessThan": "18.3R1-S7, 18.3R2-S4, 18.3R3-S1",
              "status": "affected",
              "version": "18.3",
              "versionType": "custom"
            },
            {
              "lessThan": "18.4R1-S7, 18.4R2-S4, 18.4R3",
              "status": "affected",
              "version": "18.4",
              "versionType": "custom"
            },
            {
              "lessThan": "19.1R1-S5, 19.1R2",
              "status": "affected",
              "version": "19.1",
              "versionType": "custom"
            },
            {
              "lessThan": "19.2R1-S2, 19.2R2",
              "status": "affected",
              "version": "19.2",
              "versionType": "custom"
            },
            {
              "lessThan": "19.3R2",
              "status": "affected",
              "version": "19.3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "This issue may occur only when ICAP Redirect Service is enabled.\n\nThe examples of minimum config stanza affected by this issue:\n  [services icap-redirect profile \u003cICAP_PROFILE_NAME\u003e]\nin combination with: \n  [security policies from-zone \u003cZONE_NAME\u003e to-zone \u003cZONE_NAME\u003e policy \u003cPOLICY_NAME\u003e then permit application-services \u003cICAP_PROFILE_NAME\u003e]"
        }
      ],
      "datePublic": "2020-07-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, processing a malformed HTTP message can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) Continued processing of this malformed HTTP message may result in an extended Denial of Service (DoS) condition. The offending HTTP message that causes this issue may originate both from the HTTP server or the HTTP client. This issue affects Juniper Networks Junos OS on SRX Series: 18.1 versions prior to 18.1R3-S9 ; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3; 19.1 versions prior to 19.1R1-S5, 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2; 19.3 versions prior to 19.3R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-17T18:40:44",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA11031"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: 18.1R3-S9, 18.2R2-S7, 18.2R3-S3, 18.3R1-S7, 18.3R2-S4, 18.3R3-S1, 18.4R1-S7, 18.4R2-S4, 18.4R3, 19.1R1-S5, 19.1R2, 19.2R1-S2, 19.2R2, 19.3R2, 19.4R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA11031",
        "defect": [
          "1460035"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS: SRX Series: processing a malformed HTTP message when ICAP redirect service is enabled may can lead to flowd process crash or remote code execution",
      "workarounds": [
        {
          "lang": "en",
          "value": "Disable ICAP redirect service otherwise there are no viable workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2020-07-08T07:00:00.000Z",
          "ID": "CVE-2020-1654",
          "STATE": "PUBLIC",
          "TITLE": "Junos OS: SRX Series: processing a malformed HTTP message when ICAP redirect service is enabled may can lead to flowd process crash or remote code execution"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "platform": "SRX Series",
                            "version_affected": "!\u003c",
                            "version_name": "18.1",
                            "version_value": "18.1R1"
                          },
                          {
                            "platform": "SRX Series",
                            "version_affected": "\u003c",
                            "version_name": "18.1",
                            "version_value": "18.1R3-S9"
                          },
                          {
                            "platform": "SRX Series",
                            "version_affected": "\u003c",
                            "version_name": "18.2",
                            "version_value": "18.2R2-S7, 18.2R3-S3"
                          },
                          {
                            "platform": "SRX Series",
                            "version_affected": "\u003c",
                            "version_name": "18.3",
                            "version_value": "18.3R1-S7, 18.3R2-S4, 18.3R3-S1"
                          },
                          {
                            "platform": "SRX Series",
                            "version_affected": "\u003c",
                            "version_name": "18.4",
                            "version_value": "18.4R1-S7, 18.4R2-S4, 18.4R3"
                          },
                          {
                            "platform": "SRX Series",
                            "version_affected": "\u003c",
                            "version_name": "19.1",
                            "version_value": "19.1R1-S5, 19.1R2"
                          },
                          {
                            "platform": "SRX Series",
                            "version_affected": "\u003c",
                            "version_name": "19.2",
                            "version_value": "19.2R1-S2, 19.2R2"
                          },
                          {
                            "platform": "SRX Series",
                            "version_affected": "\u003c",
                            "version_name": "19.3",
                            "version_value": "19.3R2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "This issue may occur only when ICAP Redirect Service is enabled.\n\nThe examples of minimum config stanza affected by this issue:\n  [services icap-redirect profile \u003cICAP_PROFILE_NAME\u003e]\nin combination with: \n  [security policies from-zone \u003cZONE_NAME\u003e to-zone \u003cZONE_NAME\u003e policy \u003cPOLICY_NAME\u003e then permit application-services \u003cICAP_PROFILE_NAME\u003e]"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, processing a malformed HTTP message can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) Continued processing of this malformed HTTP message may result in an extended Denial of Service (DoS) condition. The offending HTTP message that causes this issue may originate both from the HTTP server or the HTTP client. This issue affects Juniper Networks Junos OS on SRX Series: 18.1 versions prior to 18.1R3-S9 ; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3; 19.1 versions prior to 19.1R1-S5, 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2; 19.3 versions prior to 19.3R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-120 Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA11031",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA11031"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue: 18.1R3-S9, 18.2R2-S7, 18.2R3-S3, 18.3R1-S7, 18.3R2-S4, 18.3R3-S1, 18.4R1-S7, 18.4R2-S4, 18.4R3, 19.1R1-S5, 19.1R2, 19.2R1-S2, 19.2R2, 19.3R2, 19.4R1, and all subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA11031",
          "defect": [
            "1460035"
          ],
          "discovery": "USER"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Disable ICAP redirect service otherwise there are no viable workarounds for this issue."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2020-1654",
    "datePublished": "2020-07-17T18:40:45.036381Z",
    "dateReserved": "2019-11-04T00:00:00",
    "dateUpdated": "2024-09-16T17:32:52.751Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-JWQG-FHHF-42X8

CVE-2020-1654 (GCVE-0-2020-1654)

Tags

Sightings

Nomenclature