ID

VAR-202010-0406


CVE

CVE-2020-1675


TITLE

Authentication vulnerabilities in Juniper Networks Mist Cloud UI

Trust: 0.8

sources: JVNDB: JVNDB-2020-012128

DESCRIPTION

When Security Assertion Markup Language (SAML) authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly process invalid authentication certificates, which could allow a malicious network-based user to access unauthorized data. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2, 2020. It provides cost and usage reporting, RBAC, management, provisioning, orchestration, monitoring and automation for servers across public and private clouds, Docker containers and KVM hypervisors. The following products and versions are affected: versions before September 2, 2020. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions.

Trust: 1.8

sources: NVD: CVE-2020-1675 // JVNDB: JVNDB-2020-012128 // VULHUB: VHN-169859 // VULMON: CVE-2020-1675

AFFECTED PRODUCTS

vendor: juniper, model: mist cloud ui, scope: lt, version: 2020-09-02

Trust: 1.0

vendor: Juniper Networks, model: mist cloud user interface, scope: eq, version: -

Trust: 0.8

vendor: Juniper Networks, model: mist cloud user interface, scope: eq, version: before 2020/09/02

Trust: 0.8

sources: JVNDB: JVNDB-2020-012128 // NVD: CVE-2020-1675

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-1675
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2020-1675
value: HIGH

Trust: 1.0

NVD: CVE-2020-1675
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-739
value: HIGH

Trust: 0.6

VULHUB: VHN-169859
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-1675
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2020-1675
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-169859
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

sirt@juniper.net: CVE-2020-1675
baseSeverity: HIGH
baseScore: 8.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.7
version: 3.1

Trust: 1.0

OTHER: JVNDB-2020-012128
baseSeverity: HIGH
baseScore: 8.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-169859 // VULMON: CVE-2020-1675 // JVNDB: JVNDB-2020-012128 // CNNVD: CNNVD-202010-739 // NVD: CVE-2020-1675 // NVD: CVE-2020-1675

PROBLEMTYPE DATA

problemtype: CWE-295

Trust: 1.1

problemtype: CWE-299

Trust: 1.0

problemtype: Improper authentication (CWE-287) [NVD Evaluation]

Trust: 0.8

problemtype: CWE-287

Trust: 0.1

sources: VULHUB: VHN-169859 // JVNDB: JVNDB-2020-012128 // NVD: CVE-2020-1675

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-739

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202010-739

PATCH

title: JSA11072, url: https://kb.juniper.net/JSA11072

Trust: 0.8

title: Juniper Networks Mist Cloud UI Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=130557

Trust: 0.6

sources: JVNDB: JVNDB-2020-012128 // CNNVD: CNNVD-202010-739

EXTERNAL IDS

db: NVD, id: CVE-2020-1675

Trust: 2.6

db: JUNIPER, id: JSA11072

Trust: 1.8

db: JVNDB, id: JVNDB-2020-012128

Trust: 0.8

db: CNNVD, id: CNNVD-202010-739

Trust: 0.7

db: AUSCERT, id: ESB-2020.3752

Trust: 0.6

db: CNVD, id: CNVD-2020-64791

Trust: 0.1

db: VULHUB, id: VHN-169859

Trust: 0.1

db: VULMON, id: CVE-2020-1675

Trust: 0.1

sources: VULHUB: VHN-169859 // VULMON: CVE-2020-1675 // JVNDB: JVNDB-2020-012128 // CNNVD: CNNVD-202010-739 // NVD: CVE-2020-1675

REFERENCES

url: https://kb.juniper.net/jsa11072

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2020-1675

Trust: 1.4

url: https://www.auscert.org.au/bulletins/esb-2020.3752/

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/189889

Trust: 0.1

sources: VULHUB: VHN-169859 // VULMON: CVE-2020-1675 // JVNDB: JVNDB-2020-012128 // CNNVD: CNNVD-202010-739 // NVD: CVE-2020-1675

SOURCES

db: VULHUB, id: VHN-169859
db: VULMON, id: CVE-2020-1675
db: JVNDB, id: JVNDB-2020-012128
db: CNNVD, id: CNNVD-202010-739
db: NVD, id: CVE-2020-1675

LAST UPDATE DATE

2024-11-23T21:51:15.513000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-169859, date: 2022-01-01T00:00:00
db: VULMON, id: CVE-2020-1675, date: 2020-10-29T00:00:00
db: JVNDB, id: JVNDB-2020-012128, date: 2021-04-26T07:28:00
db: CNNVD, id: CNNVD-202010-739, date: 2022-01-04T00:00:00
db: NVD, id: CVE-2020-1675, date: 2024-11-21T05:11:08.257

SOURCES RELEASE DATE

db: VULHUB, id: VHN-169859, date: 2020-10-16T00:00:00
db: VULMON, id: CVE-2020-1675, date: 2020-10-16T00:00:00
db: JVNDB, id: JVNDB-2020-012128, date: 2021-04-26T00:00:00
db: CNNVD, id: CNNVD-202010-739, date: 2020-10-16T00:00:00
db: NVD, id: CVE-2020-1675, date: 2020-10-16T21:15:13.397