Detections
Analytics

Juniper Junos OS Multiple Vulnerabilities (JSA69705)

critical Nessus Plugin ID 163770

Language:

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA69705 advisory.

 - ** DISPUTED ** A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.
 (CVE-2021-36690)

 - A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability. (CVE-2021-20227)

 - In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. (CVE-2020-15358)

 - SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. (CVE-2020-13871)

 - ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. (CVE-2020-13632)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Apply the relevant Junos software release referenced in Juniper advisory JSA69705

See Also

https://www.sqlite.org/cves.html

https://sqlite.org/releaselog/3_37_0.html

https://sqlite.org/releaselog/3_37_2.html

http://www.nessus.org/u?b453d5bb

Plugin Details

Severity: Critical

ID: 163770

File Name: juniper_jsa69705.nasl

Version: 1.8

Type: combined

Published: 8/3/2022

Updated: 10/28/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-11656

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:juniper:junos

Required KB Items: Host/Juniper/JUNOS/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/13/2022

Vulnerability Publication Date: 2/21/2020

Reference Information

CVE: CVE-2020-11655, CVE-2020-11656, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-13871, CVE-2020-15358, CVE-2020-9327, CVE-2021-20227, CVE-2021-36690

IAVA: 2022-A-0382-S

JSA: JSA69705