CVE-2020-1647: Junos OS: SRX Series: Double free vulnerability can lead to DoS or remote code execution due to the processing of a specific HTTP message when ICAP redirect service is enabled
First published: Fri Jul 17 2020(Updated: )
On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, a double free vulnerability can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) due to processing of a specific HTTP message. Continued processing of this specific HTTP message may result in an extended Denial of Service (DoS). The offending HTTP message that causes this issue may originate both from the HTTP server or the client. This issue affects Juniper Networks Junos OS on SRX Series: 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2; 19.3 versions prior to 19.3R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Junos OS Evolved | =18.1 | |
| Junos OS Evolved | =18.1-r1 | |
| Junos OS Evolved | =18.1-r2 | |
| Junos OS Evolved | =18.1-r2-s1 | |
| Junos OS Evolved | =18.1-r2-s2 | |
| Junos OS Evolved | =18.1-r2-s4 | |
| Junos OS Evolved | =18.1-r3 | |
| Junos OS Evolved | =18.1-r3-s1 | |
| Junos OS Evolved | =18.1-r3-s2 | |
| Junos OS Evolved | =18.1-r3-s3 | |
| Junos OS Evolved | =18.1-r3-s4 | |
| Junos OS Evolved | =18.1-r3-s6 | |
| Junos OS Evolved | =18.1-r3-s7 | |
| Junos OS Evolved | =18.1-r3-s8 | |
| Junos OS Evolved | =18.2 | |
| Junos OS Evolved | =18.2-r1 | |
| Junos OS Evolved | =18.2-r1 | |
| Junos OS Evolved | =18.2-r1-s3 | |
| Junos OS Evolved | =18.2-r1-s4 | |
| Junos OS Evolved | =18.2-r1-s5 | |
| Junos OS Evolved | =18.2-r2 | |
| Junos OS Evolved | =18.2-r2-s1 | |
| Junos OS Evolved | =18.2-r2-s2 | |
| Junos OS Evolved | =18.2-r2-s3 | |
| Junos OS Evolved | =18.2-r2-s4 | |
| Junos OS Evolved | =18.2-r2-s5 | |
| Junos OS Evolved | =18.2-r2-s6 | |
| Junos OS Evolved | =18.2-r3 | |
| Junos OS Evolved | =18.2-r3-s1 | |
| Junos OS Evolved | =18.2-r3-s2 | |
| Junos OS Evolved | =18.3 | |
| Junos OS Evolved | =18.3-r1 | |
| Junos OS Evolved | =18.3-r1-s1 | |
| Junos OS Evolved | =18.3-r1-s2 | |
| Junos OS Evolved | =18.3-r1-s3 | |
| Junos OS Evolved | =18.3-r1-s5 | |
| Junos OS Evolved | =18.3-r1-s6 | |
| Junos OS Evolved | =18.3-r2 | |
| Junos OS Evolved | =18.3-r2-s1 | |
| Junos OS Evolved | =18.3-r2-s2 | |
| Junos OS Evolved | =18.3-r2-s3 | |
| Junos OS Evolved | =18.3-r3 | |
| Junos OS Evolved | =18.4 | |
| Junos OS Evolved | =18.4-r1 | |
| Junos OS Evolved | =18.4-r1-s1 | |
| Junos OS Evolved | =18.4-r1-s2 | |
| Junos OS Evolved | =18.4-r1-s5 | |
| Junos OS Evolved | =18.4-r1-s6 | |
| Junos OS Evolved | =18.4-r2 | |
| Junos OS Evolved | =18.4-r2-s1 | |
| Junos OS Evolved | =18.4-r2-s2 | |
| Junos OS Evolved | =18.4-r2-s3 | |
| Junos OS Evolved | =18.4-r2-s4 | |
| Junos OS Evolved | =19.1 | |
| Junos OS Evolved | =19.1-r1 | |
| Junos OS Evolved | =19.1-r1-s1 | |
| Junos OS Evolved | =19.1-r1-s2 | |
| Junos OS Evolved | =19.1-r1-s3 | |
| Junos OS Evolved | =19.1-r1-s4 | |
| Junos OS Evolved | =19.2 | |
| Junos OS Evolved | =19.2-r1 | |
| Junos OS Evolved | =19.2-r1-s1 | |
| Junos OS Evolved | =19.3 | |
| Junos OS Evolved | =19.3-r1 | |
| Junos OS Evolved | =19.3-r1-s1 |
Remedy
The following software releases have been updated to resolve this specific issue: 18.1R3-S9, 18.2R3-S3, 18.3R2-S4, 18.3R3-S1, 18.4R2-S5, 18.4R3, 19.1R2, 19.2R1-S2, 19.2R2, 19.3R2, 19.4R1, and all subsequent releases.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-1647?
CVE-2020-1647 is classified as high severity due to its potential to cause Denial of Service (DoS) or Remote Code Execution (RCE).
How do I fix CVE-2020-1647?
To fix CVE-2020-1647, update the affected Juniper Networks SRX Series with the recommended patches from Juniper's security advisory.
What software versions are affected by CVE-2020-1647?
CVE-2020-1647 affects several versions of Junos OS, including 18.1, 18.2, 18.3, and 18.4.
What kind of vulnerability is CVE-2020-1647?
CVE-2020-1647 is a double free vulnerability related to the processing of specific HTTP messages in the ICAP redirect service.
Can CVE-2020-1647 lead to data breaches?
Yes, CVE-2020-1647 can potentially lead to data breaches if exploited, as it allows for remote code execution.
- agent/type
- agent/references
- agent/title
- agent/author
- agent/weakness
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/juniper
- canonical/junos os evolved
- version/junos os evolved/18.1
- version/junos os evolved/18.1-r1
- version/junos os evolved/18.1-r2
- version/junos os evolved/18.1-r2-s1
- version/junos os evolved/18.1-r2-s2
- version/junos os evolved/18.1-r2-s4
- version/junos os evolved/18.1-r3
- version/junos os evolved/18.1-r3-s1
- version/junos os evolved/18.1-r3-s2
- version/junos os evolved/18.1-r3-s3
- version/junos os evolved/18.1-r3-s4
- version/junos os evolved/18.1-r3-s6
- version/junos os evolved/18.1-r3-s7
- version/junos os evolved/18.1-r3-s8
- version/junos os evolved/18.2
- version/junos os evolved/18.2-r1
- version/junos os evolved/18.2-r1-s3
- version/junos os evolved/18.2-r1-s4
- version/junos os evolved/18.2-r1-s5
- version/junos os evolved/18.2-r2
- version/junos os evolved/18.2-r2-s1
- version/junos os evolved/18.2-r2-s2
- version/junos os evolved/18.2-r2-s3
- version/junos os evolved/18.2-r2-s4
- version/junos os evolved/18.2-r2-s5
- version/junos os evolved/18.2-r2-s6
- version/junos os evolved/18.2-r3
- version/junos os evolved/18.2-r3-s1
- version/junos os evolved/18.2-r3-s2
- version/junos os evolved/18.3
- version/junos os evolved/18.3-r1
- version/junos os evolved/18.3-r1-s1
- version/junos os evolved/18.3-r1-s2
- version/junos os evolved/18.3-r1-s3
- version/junos os evolved/18.3-r1-s5
- version/junos os evolved/18.3-r1-s6
- version/junos os evolved/18.3-r2
- version/junos os evolved/18.3-r2-s1
- version/junos os evolved/18.3-r2-s2
- version/junos os evolved/18.3-r2-s3
- version/junos os evolved/18.3-r3
- version/junos os evolved/18.4
- version/junos os evolved/18.4-r1
- version/junos os evolved/18.4-r1-s1
- version/junos os evolved/18.4-r1-s2
- version/junos os evolved/18.4-r1-s5
- version/junos os evolved/18.4-r1-s6
- version/junos os evolved/18.4-r2
- version/junos os evolved/18.4-r2-s1
- version/junos os evolved/18.4-r2-s2
- version/junos os evolved/18.4-r2-s3
- version/junos os evolved/18.4-r2-s4
- version/junos os evolved/19.1
- version/junos os evolved/19.1-r1
- version/junos os evolved/19.1-r1-s1
- version/junos os evolved/19.1-r1-s2
- version/junos os evolved/19.1-r1-s3
- version/junos os evolved/19.1-r1-s4
- version/junos os evolved/19.2
- version/junos os evolved/19.2-r1
- version/junos os evolved/19.2-r1-s1
- version/junos os evolved/19.3
- version/junos os evolved/19.3-r1
- version/junos os evolved/19.3-r1-s1