CVE-2020-1637
08.04.2020, 20:15
A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy. This issue might occur when the IP address range configured in the Infranet Controller (IC) is configured as an IP address range instead of an IP address/netmask. See the Workaround section for more detail. The Junos OS Enforcer CLI settings are disabled by default. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D100; 15.1X49 versions prior to 15.1X49-D210; 17.3 versions prior to 17.3R2-S5, 17.3R3-S8; 17.4 versions prior to 17.4R2-S9, 17.4R3-S1; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R3-S2; 18.4 versions prior to 18.4R1-S6, 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R1-S4, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S3, 19.2R2; 19.3 versions prior to 19.3R2-S1, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2.Enginsight
| Vendor | Product | Version |
|---|---|---|
| juniper | junos | 12.3x48:x48 |
| juniper | junos | 12.3x48:x48 |
| juniper | junos | 12.3x48:x48 |
| juniper | junos | 12.3x48:x48 |
| juniper | junos | 12.3x48:x48 |
| juniper | junos | 12.3x48:x48 |
| juniper | junos | 12.3x48:x48 |
| juniper | junos | 12.3x48:x48 |
| juniper | junos | 12.3x48:x48 |
| juniper | junos | 12.3x48:x48 |
| juniper | junos | 12.3x48:x48 |
| juniper | junos | 12.3x48:x48 |
| juniper | junos | 12.3x48:x48 |
| juniper | junos | 12.3x48:x48 |
| juniper | junos | 12.3x48:x48 |
| juniper | junos | 12.3x48:x48 |
| juniper | junos | 12.3x48:x48 |
| juniper | junos | 15.1x49:x49 |
| juniper | junos | 15.1x49:x49 |
| juniper | junos | 15.1x49:x49 |
| juniper | junos | 15.1x49:x49 |
| juniper | junos | 15.1x49:x49 |
| juniper | junos | 15.1x49:x49 |
| juniper | junos | 15.1x49:x49 |
| juniper | junos | 15.1x49:x49 |
| juniper | junos | 15.1x49:x49 |
| juniper | junos | 15.1x49:x49 |
| juniper | junos | 15.1x49:x49 |
| juniper | junos | 15.1x49:x49 |
| juniper | junos | 15.1x49:x49 |
| juniper | junos | 15.1x49:x49 |
| juniper | junos | 15.1x49:x49 |
| juniper | junos | 15.1x49:x49 |
| juniper | junos | 15.1x49:x49 |
| juniper | junos | 15.1x49:x49 |
| juniper | junos | 15.1x49:x49 |
| juniper | junos | 15.1x49:x49 |
| juniper | junos | 15.1x49:x49 |
| juniper | junos | 15.1x49:x49 |
| juniper | junos | 15.1x49:x49 |
| juniper | junos | 15.1x49:x49 |
| juniper | junos | 15.1x49:x49 |
| juniper | junos | 15.1x49:x49 |
| juniper | junos | 15.1x49:x49 |
| juniper | junos | 15.1x49:x49 |
| juniper | junos | 17.3 |
| juniper | junos | 17.3:r1-s1 |
| juniper | junos | 17.3:r2 |
| juniper | junos | 17.3:r2-s1 |
| juniper | junos | 17.3:r2-s2 |
| juniper | junos | 17.3:r2-s3 |
| juniper | junos | 17.3:r2-s4 |
| juniper | junos | 17.3:r3 |
| juniper | junos | 17.3:r3-s1 |
| juniper | junos | 17.3:r3-s2 |
| juniper | junos | 17.3:r3-s3 |
| juniper | junos | 17.3:r3-s4 |
| juniper | junos | 17.3:r3-s5 |
| juniper | junos | 17.3:r3-s6 |
| juniper | junos | 17.3:r3-s7 |
| juniper | junos | 17.4 |
| juniper | junos | 17.4:r1 |
| juniper | junos | 17.4:r1-s1 |
| juniper | junos | 17.4:r1-s2 |
| juniper | junos | 17.4:r1-s4 |
| juniper | junos | 17.4:r1-s5 |
| juniper | junos | 17.4:r1-s6 |
| juniper | junos | 17.4:r1-s7 |
| juniper | junos | 17.4:r2 |
| juniper | junos | 17.4:r2-s1 |
| juniper | junos | 17.4:r2-s2 |
| juniper | junos | 17.4:r2-s3 |
| juniper | junos | 17.4:r2-s4 |
| juniper | junos | 17.4:r2-s5 |
| juniper | junos | 17.4:r2-s6 |
| juniper | junos | 17.4:r2-s7 |
| juniper | junos | 17.4:r2-s8 |
| juniper | junos | 17.4:r3 |
| juniper | junos | 18.1 |
| juniper | junos | 18.1:r2 |
| juniper | junos | 18.1:r2-s1 |
| juniper | junos | 18.1:r2-s2 |
| juniper | junos | 18.1:r2-s4 |
| juniper | junos | 18.1:r3 |
| juniper | junos | 18.1:r3-s1 |
| juniper | junos | 18.1:r3-s2 |
| juniper | junos | 18.1:r3-s3 |
| juniper | junos | 18.1:r3-s4 |
| juniper | junos | 18.1:r3-s6 |
| juniper | junos | 18.1:r3-s7 |
| juniper | junos | 18.1:r3-s8 |
| juniper | junos | 18.1:r3-s9 |
| juniper | junos | 18.2 |
| juniper | junos | 18.2:r1 |
| juniper | junos | 18.2:r1-s3 |
| juniper | junos | 18.2:r1-s5 |
| juniper | junos | 18.2:r2-s1 |
| juniper | junos | 18.2:r2-s2 |
| juniper | junos | 18.2:r2-s3 |
| juniper | junos | 18.2:r2-s4 |
| juniper | junos | 18.2:r2-s5 |
| juniper | junos | 18.2:r2-s6 |
| juniper | junos | 18.2:r3 |
| juniper | junos | 18.2:r3-s1 |
| juniper | junos | 18.2:r3-s2 |
| juniper | junos | 18.3 |
| juniper | junos | 18.3:r1 |
| juniper | junos | 18.3:r1-s1 |
| juniper | junos | 18.3:r1-s2 |
| juniper | junos | 18.3:r1-s3 |
| juniper | junos | 18.3:r1-s4 |
| juniper | junos | 18.3:r1-s5 |
| juniper | junos | 18.3:r1-s6 |
| juniper | junos | 18.3:r2 |
| juniper | junos | 18.3:r2-s1 |
| juniper | junos | 18.3:r2-s2 |
| juniper | junos | 18.3:r3 |
| juniper | junos | 18.3:r3-s1 |
| juniper | junos | 18.4 |
| juniper | junos | 18.4:r1 |
| juniper | junos | 18.4:r1-s1 |
| juniper | junos | 18.4:r1-s2 |
| juniper | junos | 18.4:r1-s3 |
| juniper | junos | 18.4:r1-s4 |
| juniper | junos | 18.4:r1-s5 |
| juniper | junos | 18.4:r2 |
| juniper | junos | 18.4:r2-s1 |
| juniper | junos | 18.4:r2-s2 |
| juniper | junos | 18.4:r2-s3 |
| juniper | junos | 18.4:r3 |
| juniper | junos | 19.1 |
| juniper | junos | 19.1:r1 |
| juniper | junos | 19.1:r1-s1 |
| juniper | junos | 19.1:r1-s2 |
| juniper | junos | 19.1:r1-s3 |
| juniper | junos | 19.1:r2 |
| juniper | junos | 19.2 |
| juniper | junos | 19.2:r1 |
| juniper | junos | 19.2:r1-s1 |
| juniper | junos | 19.2:r1-s2 |
| juniper | junos | 19.3:r2 |
| juniper | junos | 19.4:r1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-288 - Authentication Bypass Using an Alternate Path or ChannelA product requires authentication, but the product has an alternate path or channel that does not require authentication.
- CWE-287 - Improper AuthenticationWhen an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.