Juniper Networks Junos OS: 15.1 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) Vulnerability

Summary

Juniper Networks Junos OS: 15.1 suffers from an improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability.

Credit:

The information has been provided by the vendor.

The original article can be found at: https://kb.juniper.net/JSA10981


Details

A device running Juniper Networks' Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved, when configured in relay mode, is vulnerable to an attacker who sends crafted IPv4 packets and may remotely take over the code execution of the JDHCPD process. This issue affects IPv4 JDHCPD services. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2; and all versions prior to 19.3R1 on Junos OS Evolved. This issue does not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode.

 

Vulnerable Systems:

Juniper Networks Junos OS 15.1 versions prior to 15.1R7-S6

Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D200

Juniper Networks Junos OS 15.1X53 versions prior to 15.1X53-D592

Juniper Networks Junos OS 16.1 versions prior to 16.1R7-S6

Juniper Networks Junos OS 16.2 versions prior to 16.2R2-S11

Juniper Networks Junos OS 17.1 versions prior to 17.1R2-S11, 17.1R3-S1

Juniper Networks Junos OS 17.2 versions prior to 17.2R2-S8, 17.2R3-S3

Juniper Networks Junos OS 17.3 versions prior to 17.3R3-S6

Juniper Networks Junos OS 17.4 versions prior to 17.4R2-S7, 17.4R3

Juniper Networks Junos OS 18.1 versions prior to 18.1R3-S8

Juniper Networks Junos OS 18.2 versions prior to 18.2R3-S2

Juniper Networks Junos OS 18.2X75 versions prior to 18.2X75-D60

Juniper Networks Junos OS 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3

Juniper Networks Junos OS 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3

Juniper Networks Junos OS 19.1 versions prior to 19.1R1-S3, 19.1R2

Juniper Networks Junos OS 19.2 versions prior to 19.2R1-S3, 19.2R2

Juniper Networks Junos OS Evolved all versions prior to 19.3R1
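
An added example, not part of the vendor advisory: a Python sketch that classifies a Junos OS version string against the fixed releases listed above. It assumes a fix applies from the named release onward within its train, ignores any trailing build number (the `.4` in `17.4R2.4`), and does not cover Junos OS Evolved; `parse`, `status` and the result strings are names chosen for this example.

```python
import re

# Fixed releases for Junos OS, copied from the advisory text above
# (Junos OS Evolved is out of scope for this sketch).
FIXED_RELEASES = """
15.1R7-S6 15.1X49-D200 15.1X53-D592 16.1R7-S6 16.2R2-S11
17.1R2-S11 17.1R3-S1 17.2R2-S8 17.2R3-S3 17.3R3-S6 17.4R2-S7 17.4R3
18.1R3-S8 18.2R3-S2 18.2X75-D60 18.3R1-S6 18.3R2-S2 18.3R3
18.4R1-S5 18.4R2-S3 18.4R3 19.1R1-S3 19.1R2 19.2R1-S3 19.2R2
""".split()

_VERSION = re.compile(
    r"^(\d+)\.(\d+)(?:R(\d+)(?:-S(\d+))?|(X\d+)-D(\d+))(?:\.\d+)?$")

def parse(version):
    """'17.4R2-S7' -> ('17.4', (2, 7)); '15.1X49-D200' -> ('15.1X49', (200, 0))."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    major, minor, r, s, x, d = m.groups()
    if x:  # special X train: only the D number orders releases
        return f"{major}.{minor}{x}", (int(d), 0)
    return f"{major}.{minor}", (int(r), int(s or 0))

# train -> sorted list of fixed (release, service) pairs
FIXES = {}
for _v in FIXED_RELEASES:
    _train, _rel = parse(_v)
    FIXES.setdefault(_train, []).append(_rel)
for _rels in FIXES.values():
    _rels.sort()

def status(version):
    """Classify a Junos OS version string against the advisory's list."""
    train, rel = parse(version)
    base = tuple(int(n) for n in train.split("X")[0].split("."))
    if base < (15, 1):
        return "not affected"      # advisory: releases before 15.1
    if train not in FIXES:
        return "not listed"        # train does not appear in the advisory
    # Assumption: a fix applies from that release onward, and an R release
    # with its own fix (e.g. 18.3R2-S2) is judged against that fix.
    earlier = [f for f in FIXES[train] if f[0] <= rel[0]]
    if not earlier:
        return "affected"
    return "fixed" if rel >= max(earlier) else "affected"
```

A result of `affected` only means the release predates the fix; per the advisory, exposure also requires JDHCPD to be configured in relay mode for IPv4.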

 

CVE Information:

CVE-2020-1602

 

Disclosure Timeline:
Published Date: 1/15/2020
