CVE-2020-1602: Junos OS and Junos OS Evolved: A vulnerability in JDHCPD allows an attacker to send crafted IPv4 packets may take over the code execution of the JDHCPD process.
First published: Wed Jan 15 2020(Updated: )
When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may remotely take over the code execution of the JDHDCP process. This issue affect IPv4 JDHCPD services. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2*. and All versions prior to 19.3R1 on Junos OS Evolved. This issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper Junos | =15.1-r7 | |
| Juniper Junos | =15.1-r7-s1 | |
| Juniper Junos | =15.1-r7-s2 | |
| Juniper Junos | =15.1-r7-s3 | |
| Juniper Junos | =15.1-r7-s4 | |
| Juniper Junos | =15.1-r7-s5 | |
| Juniper Junos | =15.1x49-d10 | |
| Juniper Junos | =15.1x49-d110 | |
| Juniper Junos | =15.1x49-d140 | |
| Juniper Junos | =15.1x49-d150 | |
| Juniper Junos | =15.1x49-d170 | |
| Juniper Junos | =15.1x49-d180 | |
| Juniper Junos | =15.1x49-d190 | |
| Juniper Junos | =15.1x49-d20 | |
| Juniper Junos | =15.1x49-d30 | |
| Juniper Junos | =15.1x49-d35 | |
| Juniper Junos | =15.1x49-d40 | |
| Juniper Junos | =15.1x49-d50 | |
| Juniper Junos | =15.1x49-d55 | |
| Juniper Junos | =15.1x49-d60 | |
| Juniper Junos | =15.1x49-d65 | |
| Juniper Junos | =15.1x49-d70 | |
| Juniper Junos | =15.1x49-d75 | |
| Juniper Junos | =15.1x49-d80 | |
| Juniper Junos | =15.1x49-d90 | |
| Juniper Junos | =15.1x53-d20 | |
| Juniper Junos | =15.1x53-d21 | |
| Juniper Junos | =15.1x53-d210 | |
| Juniper Junos | =15.1x53-d25 | |
| Juniper Junos | =15.1x53-d30 | |
| Juniper Junos | =15.1x53-d31 | |
| Juniper Junos | =15.1x53-d32 | |
| Juniper Junos | =15.1x53-d33 | |
| Juniper Junos | =15.1x53-d34 | |
| Juniper Junos | =15.1x53-d40 | |
| Juniper Junos | =15.1x53-d45 | |
| Juniper Junos | =15.1x53-d470 | |
| Juniper Junos | =15.1x53-d495 | |
| Juniper Junos | =15.1x53-d56 | |
| Juniper Junos | =15.1x53-d591 | |
| Juniper Junos | =15.1x53-d60 | |
| Juniper Junos | =15.1x53-d61 | |
| Juniper Junos | =15.1x53-d62 | |
| Juniper Junos | =15.1x53-d63 | |
| Juniper Junos | =15.1x53-d65 | |
| Juniper Junos | =15.1x53-d70 | |
| Juniper Junos | =16.1 | |
| Juniper Junos | =16.1-r1 | |
| Juniper Junos | =16.1-r2 | |
| Juniper Junos | =16.1-r3 | |
| Juniper Junos | =16.1-r3-s10 | |
| Juniper Junos | =16.1-r4 | |
| Juniper Junos | =16.1-r5-s4 | |
| Juniper Junos | =16.1-r6-s1 | |
| Juniper Junos | =16.1-r7 | |
| Juniper Junos | =16.1-r7-s4 | |
| Juniper Junos | =16.1-r7-s5 | |
| Juniper Junos | =16.2 | |
| Juniper Junos | =16.2-r1 | |
| Juniper Junos | =16.2-r2 | |
| Juniper Junos | =16.2-r2-s1 | |
| Juniper Junos | =16.2-r2-s2 | |
| Juniper Junos | =16.2-r2-s5 | |
| Juniper Junos | =16.2-r2-s6 | |
| Juniper Junos | =16.2-r2-s7 | |
| Juniper Junos | =16.2-r2-s8 | |
| Juniper Junos | =16.2-r2-s9 | |
| Juniper Junos | =17.1 | |
| Juniper Junos | =17.1-r1 | |
| Juniper Junos | =17.1-r2-s1 | |
| Juniper Junos | =17.1-r2-s10 | |
| Juniper Junos | =17.1-r2-s2 | |
| Juniper Junos | =17.1-r2-s3 | |
| Juniper Junos | =17.1-r2-s4 | |
| Juniper Junos | =17.1-r2-s5 | |
| Juniper Junos | =17.1-r2-s6 | |
| Juniper Junos | =17.1-r2-s7 | |
| Juniper Junos | =17.1-r3 | |
| Juniper Junos | =17.2 | |
| Juniper Junos | =17.2-r1-s2 | |
| Juniper Junos | =17.2-r1-s4 | |
| Juniper Junos | =17.2-r1-s7 | |
| Juniper Junos | =17.2-r1-s8 | |
| Juniper Junos | =17.2-r2-s6 | |
| Juniper Junos | =17.2-r2-s7 | |
| Juniper Junos | =17.2-r3-s1 | |
| Juniper Junos | =17.2-r3-s2 | |
| Juniper Junos | =17.3 | |
| Juniper Junos | =17.3-r1-s1 | |
| Juniper Junos | =17.3-r2 | |
| Juniper Junos | =17.3-r2-s1 | |
| Juniper Junos | =17.3-r2-s2 | |
| Juniper Junos | =17.3-r3-s1 | |
| Juniper Junos | =17.3-r3-s2 | |
| Juniper Junos | =17.3-r3-s3 | |
| Juniper Junos | =17.3-r3-s4 | |
| Juniper Junos | =17.3-r3-s5 | |
| Juniper Junos | =17.4 | |
| Juniper Junos | =17.4-r1 | |
| Juniper Junos | =17.4-r1-s1 | |
| Juniper Junos | =17.4-r1-s2 | |
| Juniper Junos | =17.4-r1-s4 | |
| Juniper Junos | =17.4-r1-s6 | |
| Juniper Junos | =17.4-r1-s7 | |
| Juniper Junos | =17.4-r2 | |
| Juniper Junos | =17.4-r2-s1 | |
| Juniper Junos | =17.4-r2-s3 | |
| Juniper Junos | =17.4-r2-s4 | |
| Juniper Junos | =17.4-r2-s5 | |
| Juniper Junos | =17.4-r2-s6 | |
| Juniper Junos | =18.1-r3-s5 | |
| Juniper Junos | =18.1-r3-s6 | |
| Juniper Junos | =18.1-r3-s7 | |
| Juniper Junos | =18.2 | |
| Juniper Junos | =18.2-r1-s5 | |
| Juniper Junos | =18.2-r2-s1 | |
| Juniper Junos | =18.2-r2-s2 | |
| Juniper Junos | =18.2-r2-s3 | |
| Juniper Junos | =18.2-r2-s4 | |
| Juniper Junos | =18.2-r3 | |
| Juniper Junos | =18.2-r3-s1 | |
| Juniper Junos | =18.2x75 | |
| Juniper Junos | =18.2x75-d20 | |
| Juniper Junos | =18.2x75-d40 | |
| Juniper Junos | =18.3 | |
| Juniper Junos | =18.3-r1 | |
| Juniper Junos | =18.3-r1-s1 | |
| Juniper Junos | =18.3-r1-s2 | |
| Juniper Junos | =18.3-r1-s3 | |
| Juniper Junos | =18.3-r1-s4 | |
| Juniper Junos | =18.3-r1-s5 | |
| Juniper Junos | =18.3-r2 | |
| Juniper Junos | =18.4 | |
| Juniper Junos | =18.4-r1 | |
| Juniper Junos | =18.4-r1-s1 | |
| Juniper Junos | =18.4-r1-s2 | |
| Juniper Junos | =18.4-r1-s3 | |
| Juniper Junos | =18.4-r1-s4 | |
| Juniper Junos | =18.4-r2 | |
| Juniper Junos | =19.1-r1 | |
| Juniper Junos | =19.1-r1-s1 | |
| Juniper Junos | =19.1-r1-s2 | |
| Juniper Junos | =19.2-r1 | |
| Juniper Junos | =19.2-r1-s1 | |
| Juniper Junos | =19.2-r1-s2 |
Remedy
The following software releases have been updated to resolve this specific issue: Junos OS: 15.1R7-S6, 15.1X49-D200, 15.1X53-D592, 16.1R7-S6, 16.2R2-S11, 17.1R2-S11, 17.1R3-S1, 17.2R2-S8, 17.2R3-S3, 17.3R3-S6, 17.4R2-S7, 17.4R3, 18.1R3-S8, 18.2R3-S2, 18.2X75-D60, 18.3R1-S6, 18.3R2-S2, 18.3R3, 18.4R1-S5, 18.4R2-S3, 18.4R3, 19.1R1-S3, 19.1R2, 19.2R1-S3, 19.2R2*, 19.3R1, and all subsequent releases. Junos OS Evolved: 19.3R1, and all subsequent releases. *pending publication
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-1602?
CVE-2020-1602 has been classified with a CVSS score that indicates a critical severity, allowing remote code execution through crafted IPv4 packets.
How do I fix CVE-2020-1602?
To remediate CVE-2020-1602, Juniper Networks advises upgrading to the latest patched version of the Junos OS as specified in their security advisories.
What versions of Junos OS are affected by CVE-2020-1602?
CVE-2020-1602 affects several versions of Junos OS, including 15.1, 16.1, and all the way to 19.2, specifically in configurations using the JDHCPD process.
Can CVE-2020-1602 lead to full system compromise?
Yes, CVE-2020-1602 potentially allows an attacker to execute arbitrary code, which could lead to full system compromise depending on the network environment.
Is there a workaround for CVE-2020-1602 before patching?
While the primary recommendation is to apply the patch, temporarily disabling DHCP relay configurations could help mitigate the risk associated with CVE-2020-1602.
- agent/references
- agent/type
- agent/weakness
- agent/softwarecombine
- agent/title
- agent/author
- agent/severity
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/juniper
- canonical/juniper junos
- version/juniper junos/15.1-r7
- version/juniper junos/15.1-r7-s1
- version/juniper junos/15.1-r7-s2
- version/juniper junos/15.1-r7-s3
- version/juniper junos/15.1-r7-s4
- version/juniper junos/15.1-r7-s5
- version/juniper junos/15.1x49-d10
- version/juniper junos/15.1x49-d110
- version/juniper junos/15.1x49-d140
- version/juniper junos/15.1x49-d150
- version/juniper junos/15.1x49-d170
- version/juniper junos/15.1x49-d180
- version/juniper junos/15.1x49-d190
- version/juniper junos/15.1x49-d20
- version/juniper junos/15.1x49-d30
- version/juniper junos/15.1x49-d35
- version/juniper junos/15.1x49-d40
- version/juniper junos/15.1x49-d50
- version/juniper junos/15.1x49-d55
- version/juniper junos/15.1x49-d60
- version/juniper junos/15.1x49-d65
- version/juniper junos/15.1x49-d70
- version/juniper junos/15.1x49-d75
- version/juniper junos/15.1x49-d80
- version/juniper junos/15.1x49-d90
- version/juniper junos/15.1x53-d20
- version/juniper junos/15.1x53-d21
- version/juniper junos/15.1x53-d210
- version/juniper junos/15.1x53-d25
- version/juniper junos/15.1x53-d30
- version/juniper junos/15.1x53-d31
- version/juniper junos/15.1x53-d32
- version/juniper junos/15.1x53-d33
- version/juniper junos/15.1x53-d34
- version/juniper junos/15.1x53-d40
- version/juniper junos/15.1x53-d45
- version/juniper junos/15.1x53-d470
- version/juniper junos/15.1x53-d495
- version/juniper junos/15.1x53-d56
- version/juniper junos/15.1x53-d591
- version/juniper junos/15.1x53-d60
- version/juniper junos/15.1x53-d61
- version/juniper junos/15.1x53-d62
- version/juniper junos/15.1x53-d63
- version/juniper junos/15.1x53-d65
- version/juniper junos/15.1x53-d70
- version/juniper junos/16.1
- version/juniper junos/16.1-r1
- version/juniper junos/16.1-r2
- version/juniper junos/16.1-r3
- version/juniper junos/16.1-r3-s10
- version/juniper junos/16.1-r4
- version/juniper junos/16.1-r5-s4
- version/juniper junos/16.1-r6-s1
- version/juniper junos/16.1-r7
- version/juniper junos/16.1-r7-s4
- version/juniper junos/16.1-r7-s5
- version/juniper junos/16.2
- version/juniper junos/16.2-r1
- version/juniper junos/16.2-r2
- version/juniper junos/16.2-r2-s1
- version/juniper junos/16.2-r2-s2
- version/juniper junos/16.2-r2-s5
- version/juniper junos/16.2-r2-s6
- version/juniper junos/16.2-r2-s7
- version/juniper junos/16.2-r2-s8
- version/juniper junos/16.2-r2-s9
- version/juniper junos/17.1
- version/juniper junos/17.1-r1
- version/juniper junos/17.1-r2-s1
- version/juniper junos/17.1-r2-s10
- version/juniper junos/17.1-r2-s2
- version/juniper junos/17.1-r2-s3
- version/juniper junos/17.1-r2-s4
- version/juniper junos/17.1-r2-s5
- version/juniper junos/17.1-r2-s6
- version/juniper junos/17.1-r2-s7
- version/juniper junos/17.1-r3
- version/juniper junos/17.2
- version/juniper junos/17.2-r1-s2
- version/juniper junos/17.2-r1-s4
- version/juniper junos/17.2-r1-s7
- version/juniper junos/17.2-r1-s8
- version/juniper junos/17.2-r2-s6
- version/juniper junos/17.2-r2-s7
- version/juniper junos/17.2-r3-s1
- version/juniper junos/17.2-r3-s2
- version/juniper junos/17.3
- version/juniper junos/17.3-r1-s1
- version/juniper junos/17.3-r2
- version/juniper junos/17.3-r2-s1
- version/juniper junos/17.3-r2-s2
- version/juniper junos/17.3-r3-s1
- version/juniper junos/17.3-r3-s2
- version/juniper junos/17.3-r3-s3
- version/juniper junos/17.3-r3-s4
- version/juniper junos/17.3-r3-s5
- version/juniper junos/17.4
- version/juniper junos/17.4-r1
- version/juniper junos/17.4-r1-s1
- version/juniper junos/17.4-r1-s2
- version/juniper junos/17.4-r1-s4
- version/juniper junos/17.4-r1-s6
- version/juniper junos/17.4-r1-s7
- version/juniper junos/17.4-r2
- version/juniper junos/17.4-r2-s1
- version/juniper junos/17.4-r2-s3
- version/juniper junos/17.4-r2-s4
- version/juniper junos/17.4-r2-s5
- version/juniper junos/17.4-r2-s6
- version/juniper junos/18.1-r3-s5
- version/juniper junos/18.1-r3-s6
- version/juniper junos/18.1-r3-s7
- version/juniper junos/18.2
- version/juniper junos/18.2-r1-s5
- version/juniper junos/18.2-r2-s1
- version/juniper junos/18.2-r2-s2
- version/juniper junos/18.2-r2-s3
- version/juniper junos/18.2-r2-s4
- version/juniper junos/18.2-r3
- version/juniper junos/18.2-r3-s1
- version/juniper junos/18.2x75
- version/juniper junos/18.2x75-d20
- version/juniper junos/18.2x75-d40
- version/juniper junos/18.3
- version/juniper junos/18.3-r1
- version/juniper junos/18.3-r1-s1
- version/juniper junos/18.3-r1-s2
- version/juniper junos/18.3-r1-s3
- version/juniper junos/18.3-r1-s4
- version/juniper junos/18.3-r1-s5
- version/juniper junos/18.3-r2
- version/juniper junos/18.4
- version/juniper junos/18.4-r1
- version/juniper junos/18.4-r1-s1
- version/juniper junos/18.4-r1-s2
- version/juniper junos/18.4-r1-s3
- version/juniper junos/18.4-r1-s4
- version/juniper junos/18.4-r2
- version/juniper junos/19.1-r1
- version/juniper junos/19.1-r1-s1
- version/juniper junos/19.1-r1-s2
- version/juniper junos/19.2-r1
- version/juniper junos/19.2-r1-s1
- version/juniper junos/19.2-r1-s2