VDB-162806 · CVE-2020-1674 · JSA11071

Juniper Junos MACsec Packet protection mechanism

A vulnerability was found in Juniper Junos (Router Operating System) (affected version not known) and classified as problematic. Affected by this issue is an unknown function of the component MACsec Packet Handler. Upgrading eliminates this vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

Field

Commit Conf

Approve Conf

ID	Commited	User	Field	Change	Remarks	Moderated	Reason	C
10639957	11/20/2020	VulD...	cve_cna	Juniper Networks, Inc.	nvd.nist.gov	11/20/2020	accepted	70
10639956	11/20/2020	VulD...	cvss2_nvd_ai	N	nvd.nist.gov	11/20/2020	accepted	70
10639955	11/20/2020	VulD...	cvss2_nvd_ii	P	nvd.nist.gov	11/20/2020	accepted	70
10639954	11/20/2020	VulD...	cvss2_nvd_ci	P	nvd.nist.gov	11/20/2020	accepted	70
10639953	11/20/2020	VulD...	cvss2_nvd_au	N	nvd.nist.gov	11/20/2020	accepted	70
10639952	11/20/2020	VulD...	cvss2_nvd_ac	L	nvd.nist.gov	11/20/2020	accepted	70
10639951	11/20/2020	VulD...	cvss2_nvd_av	A	nvd.nist.gov	11/20/2020	accepted	70
10639950	11/20/2020	VulD...	confirm_url	https://kb.juniper.net/JSA11071	cve.mitre.org	11/20/2020	accepted	70
10639949	11/20/2020	VulD...	cve_nvd_summary	Juniper Networks Junos OS and Junos OS Evolved fail to drop/discard delayed MACsec packets (e.g. delayed by more than 2 seconds). Per the specification, called the "bounded receive delay", there should be no replies to delayed MACsec packets. Any MACsec traffic delayed more than 2 seconds should be dropped and late drop counters should increment. Without MACsec delay protection, an attacker could exploit the delay to spoof or decrypt packets. This issue affects: Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8, 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S5, 18.4R3-S3; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved: all versions prior to 19.4R3-EVO; 20.1 versions prior to 20.1R2-EVO. This issue does not affect Junos OS versions prior to 16.1R1.	cve.mitre.org	11/20/2020	accepted	70
10639948	11/20/2020	VulD...	cve_assigned	1572822000	cve.mitre.org	11/20/2020	accepted	70
10639958	11/19/2020	VulD...	cvss2_nvd_basescore	4.8	nist.gov	11/19/2020	accepted	90
10528421	10/17/2020	VulD...	price_0day	$5k-$25k	see documentation	10/17/2020	accepted	90
10528420	10/17/2020	VulD...	cvss3_meta_tempscore	5.2	see documentation	10/17/2020	accepted	90
10528419	10/17/2020	VulD...	cvss3_meta_basescore	5.4	see documentation	10/17/2020	accepted	90
10528418	10/17/2020	VulD...	cvss3_vuldb_tempscore	5.2		10/17/2020	accepted	90
10528417	10/17/2020	VulD...	cvss3_vuldb_basescore	5.4		10/17/2020	accepted	90
10528416	10/17/2020	VulD...	cvss2_vuldb_tempscore	4.2		10/17/2020	accepted	90
10528415	10/17/2020	VulD...	cvss2_vuldb_basescore	4.8		10/17/2020	accepted	90
10528414	10/17/2020	VulD...	cvss3_vuldb_e	X	derived from historical data	10/17/2020	accepted	80
10528413	10/17/2020	VulD...	cvss2_vuldb_rc	ND	derived from historical data	10/17/2020	accepted	80