VAR-202004-0992
Vulnerability from variot - Updated: 2023-12-18 11:58Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. Successful exploitation will allow the attacker to perform brute-force password attacks on the SSH service. This issue affects: Juniper Networks JATP and vJATP versions prior to 5.0.6.0. The vulnerability is due to the fact that the server-side program does not fully implement the limit on the number of requests. An attacker could exploit this vulnerability by sending a large number of login requests to obtain user credentials
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0992",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "virtual advanced threat protection",
"scope": "lt",
"trust": 1.0,
"vendor": "juniper",
"version": "5.0.6.0"
},
{
"model": "advanced threat protection",
"scope": "lt",
"trust": 1.0,
"vendor": "juniper",
"version": "5.0.6.0"
},
{
"model": "advanced threat prevention",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "5.0.6.0"
},
{
"model": "virtual jatp",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "5.0.6.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004014"
},
{
"db": "NVD",
"id": "CVE-2020-1616"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:juniper:advanced_threat_protection:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:juniper:virtual_advanced_threat_protection:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0.6.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-1616"
}
]
},
"cve": "CVE-2020-1616",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-004014",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-169210",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-004014",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-1616",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "sirt@juniper.net",
"id": "CVE-2020-1616",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-004014",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-511",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-169210",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-169210"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004014"
},
{
"db": "NVD",
"id": "CVE-2020-1616"
},
{
"db": "NVD",
"id": "CVE-2020-1616"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-511"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. Successful exploitation will allow the attacker to perform brute-force password attacks on the SSH service. This issue affects: Juniper Networks JATP and vJATP versions prior to 5.0.6.0. The vulnerability is due to the fact that the server-side program does not fully implement the limit on the number of requests. An attacker could exploit this vulnerability by sending a large number of login requests to obtain user credentials",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-1616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004014"
},
{
"db": "VULHUB",
"id": "VHN-169210"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-1616",
"trust": 2.5
},
{
"db": "JUNIPER",
"id": "JSA10999",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004014",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202004-511",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1273",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-169210",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-169210"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004014"
},
{
"db": "NVD",
"id": "CVE-2020-1616"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-511"
}
]
},
"id": "VAR-202004-0992",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-169210"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:58:30.022000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "JSA10999",
"trust": 0.8,
"url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10999\u0026actp=metadata"
},
{
"title": "Juniper Networks JATP and vJATP Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=113578"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004014"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-511"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-307",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-169210"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004014"
},
{
"db": "NVD",
"id": "CVE-2020-1616"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://kb.juniper.net/jsa10999"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1616"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1616"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1273/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-169210"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004014"
},
{
"db": "NVD",
"id": "CVE-2020-1616"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-511"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-169210"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004014"
},
{
"db": "NVD",
"id": "CVE-2020-1616"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-511"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-08T00:00:00",
"db": "VULHUB",
"id": "VHN-169210"
},
{
"date": "2020-05-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004014"
},
{
"date": "2020-04-08T20:15:13.247000",
"db": "NVD",
"id": "CVE-2020-1616"
},
{
"date": "2020-04-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-511"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-14T00:00:00",
"db": "VULHUB",
"id": "VHN-169210"
},
{
"date": "2020-05-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004014"
},
{
"date": "2020-04-14T18:53:31.290000",
"db": "NVD",
"id": "CVE-2020-1616"
},
{
"date": "2020-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-511"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-511"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Juniper Networks Juniper Advanced Threat Prevention Series and Virtual JATP Vulnerability in improperly limiting excessive authentication attempts on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004014"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-511"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…