ID

VAR-202004-0992


CVE

CVE-2020-1616


TITLE

Improper restriction of excessive authentication attempts in Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-004014

DESCRIPTION

Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. Successful exploitation will allow the attacker to perform brute-force password attacks on the SSH service. This issue affects: Juniper Networks JATP and vJATP versions prior to 5.0.6.0. The vulnerability exists because the server-side program does not fully implement the limit on the number of requests. An attacker could exploit this vulnerability by sending a large number of login requests to obtain user credentials.

Trust: 1.71

sources: NVD: CVE-2020-1616 // JVNDB: JVNDB-2020-004014 // VULHUB: VHN-169210

AFFECTED PRODUCTS

vendor: juniper, model: virtual advanced threat protection, scope: lt, version: 5.0.6.0

Trust: 1.0

vendor: juniper, model: advanced threat protection, scope: lt, version: 5.0.6.0

Trust: 1.0

vendor: juniper, model: advanced threat prevention, scope: eq, version: 5.0.6.0

Trust: 0.8

vendor: juniper, model: virtual jatp, scope: eq, version: 5.0.6.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-004014 // NVD: CVE-2020-1616

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1616
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2020-1616
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-004014
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202004-511
value: MEDIUM

Trust: 0.6

VULHUB: VHN-169210
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-1616
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-004014
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-169210
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-1616
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-004014
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-169210 // JVNDB: JVNDB-2020-004014 // CNNVD: CNNVD-202004-511 // NVD: CVE-2020-1616 // NVD: CVE-2020-1616

PROBLEMTYPE DATA

problemtype:CWE-307

Trust: 1.9

sources: VULHUB: VHN-169210 // JVNDB: JVNDB-2020-004014 // NVD: CVE-2020-1616

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-511

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-511

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004014

PATCH

title: JSA10999, url: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10999&actp=METADATA

Trust: 0.8

title: Juniper Networks JATP and vJATP Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113578

Trust: 0.6

sources: JVNDB: JVNDB-2020-004014 // CNNVD: CNNVD-202004-511

EXTERNAL IDS

db: NVD, id: CVE-2020-1616

Trust: 2.5

db: JUNIPER, id: JSA10999

Trust: 1.7

db: JVNDB, id: JVNDB-2020-004014

Trust: 0.8

db: CNNVD, id: CNNVD-202004-511

Trust: 0.7

db: AUSCERT, id: ESB-2020.1273

Trust: 0.6

db: VULHUB, id: VHN-169210

Trust: 0.1

sources: VULHUB: VHN-169210 // JVNDB: JVNDB-2020-004014 // CNNVD: CNNVD-202004-511 // NVD: CVE-2020-1616

REFERENCES

url:https://kb.juniper.net/jsa10999

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-1616

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1616

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.1273/

Trust: 0.6

sources: VULHUB: VHN-169210 // JVNDB: JVNDB-2020-004014 // CNNVD: CNNVD-202004-511 // NVD: CVE-2020-1616

SOURCES

db: VULHUB, id: VHN-169210
db: JVNDB, id: JVNDB-2020-004014
db: CNNVD, id: CNNVD-202004-511
db: NVD, id: CVE-2020-1616

LAST UPDATE DATE

2024-11-23T22:44:36.651000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-169210, date: 2020-04-14T00:00:00
db: JVNDB, id: JVNDB-2020-004014, date: 2020-05-01T00:00:00
db: CNNVD, id: CNNVD-202004-511, date: 2020-04-15T00:00:00
db: NVD, id: CVE-2020-1616, date: 2024-11-21T05:11:00.190

SOURCES RELEASE DATE

db: VULHUB, id: VHN-169210, date: 2020-04-08T00:00:00
db: JVNDB, id: JVNDB-2020-004014, date: 2020-05-01T00:00:00
db: CNNVD, id: CNNVD-202004-511, date: 2020-04-08T00:00:00
db: NVD, id: CVE-2020-1616, date: 2020-04-08T20:15:13.247