Details of VAR-202010-0710

ID

VAR-202010-0710

CVE

CVE-2020-1676

TITLE

Juniper Networks Mist Cloud UI Vulnerability in handling exceptional conditions in

Trust: 0.8

sources: JVNDB: JVNDB-2020-012659

DESCRIPTION

When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020. It provides cost and usage reporting, RBAC, management, provisioning, orchestration, monitoring and automation for servers across public and private clouds, Docker containers and KVM hypervisors. The following products and versions are affected: Versions before September 2, 2020

Trust: 1.8

sources: NVD: CVE-2020-1676 // JVNDB: JVNDB-2020-012659 // VULHUB: VHN-169870 // VULMON: CVE-2020-1676

AFFECTED PRODUCTS

vendor:	juniper	model:	mist cloud ui	scope:	lt	version:	2020-09-02	Trust: 1.0
vendor:	ジュニパーネットワークス	model:	mist cloud user interface	scope:	eq	version:	-	Trust: 0.8
vendor:	ジュニパーネットワークス	model:	mist cloud user interface	scope:	eq	version:	2020/9/2 before that	Trust: 0.8

sources: JVNDB: JVNDB-2020-012659 // NVD: CVE-2020-1676

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-1676
value:	HIGH
Trust: 1.0
sirt@juniper.net:	CVE-2020-1676
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-1676
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202010-741
value:	HIGH
Trust: 0.6
VULHUB:	VHN-169870
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-1676
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-1676
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-169870
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-1676
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.7
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2020-012659
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-169870 // VULMON: CVE-2020-1676 // JVNDB: JVNDB-2020-012659 // CNNVD: CNNVD-202010-741 // NVD: CVE-2020-1676 // NVD: CVE-2020-1676

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Improper handling in exceptional conditions (CWE-755) [NVD Evaluation ]	Trust: 0.8
problemtype:	CWE-755	Trust: 0.1

sources: VULHUB: VHN-169870 // JVNDB: JVNDB-2020-012659 // NVD: CVE-2020-1676

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-741

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202010-741

PATCH

title:	JSA11072	url:	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11072&actp=METADATA	Trust: 0.8
title:	Juniper Networks Mist Cloud UI Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131344	Trust: 0.6

sources: JVNDB: JVNDB-2020-012659 // CNNVD: CNNVD-202010-741

EXTERNAL IDS

db:	NVD	id:	CVE-2020-1676	Trust: 2.6
db:	JUNIPER	id:	JSA11072	Trust: 1.8
db:	JVNDB	id:	JVNDB-2020-012659	Trust: 0.8
db:	CNNVD	id:	CNNVD-202010-741	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3752	Trust: 0.6
db:	CNVD	id:	CNVD-2020-64792	Trust: 0.1
db:	VULHUB	id:	VHN-169870	Trust: 0.1
db:	VULMON	id:	CVE-2020-1676	Trust: 0.1

sources: VULHUB: VHN-169870 // VULMON: CVE-2020-1676 // JVNDB: JVNDB-2020-012659 // CNNVD: CNNVD-202010-741 // NVD: CVE-2020-1676

REFERENCES

url:	https://kb.juniper.net/jsa11072	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1676	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3752/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/755.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/189890	Trust: 0.1

sources: VULHUB: VHN-169870 // VULMON: CVE-2020-1676 // JVNDB: JVNDB-2020-012659 // CNNVD: CNNVD-202010-741 // NVD: CVE-2020-1676

SOURCES

db:	VULHUB	id:	VHN-169870
db:	VULMON	id:	CVE-2020-1676
db:	JVNDB	id:	JVNDB-2020-012659
db:	CNNVD	id:	CNNVD-202010-741
db:	NVD	id:	CVE-2020-1676

LAST UPDATE DATE

2024-11-23T21:51:15.485000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-169870	date:	2022-01-01T00:00:00
db:	VULMON	id:	CVE-2020-1676	date:	2020-10-29T00:00:00
db:	JVNDB	id:	JVNDB-2020-012659	date:	2021-05-20T08:24:00
db:	CNNVD	id:	CNNVD-202010-741	date:	2022-01-04T00:00:00
db:	NVD	id:	CVE-2020-1676	date:	2024-11-21T05:11:08.380

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-169870	date:	2020-10-16T00:00:00
db:	VULMON	id:	CVE-2020-1676	date:	2020-10-16T00:00:00
db:	JVNDB	id:	JVNDB-2020-012659	date:	2021-05-20T00:00:00
db:	CNNVD	id:	CNNVD-202010-741	date:	2020-10-16T00:00:00
db:	NVD	id:	CVE-2020-1676	date:	2020-10-16T21:15:13.473