CVE-2020-1631 Explained : Impact and Mitigation

A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal. The impact includes executing commands into httpd.log, reading files with 'world' readable permission, and obtaining J-Web session tokens.

Understanding CVE-2020-1631

This CVE affects Juniper Networks Junos OS with enabled HTTP/HTTPS services.

What is CVE-2020-1631?

The vulnerability allows unauthorized access to J-Web, potentially leading to command injection, file reading, and session token retrieval.

The Impact of CVE-2020-1631

CVSS score of 5.3 to 8.8, indicating a range from limited command execution to potential administrator access via J-Web.
Exploitation may result in reading configuration files on Junos OS 19.3R1 and above.

Technical Details of CVE-2020-1631

The vulnerability affects multiple Junos OS versions and their respective configurations.

Vulnerability Description

The issue enables unauthenticated attackers to exploit HTTP/HTTPS services, compromising J-Web and related services.

Affected Systems and Versions

Versions like 12.3 to 20.1 of Junos OS with specific build versions are affected.

Exploitation Mechanism

Allows LFI and path traversal through HTTP/HTTPS services.

Mitigation and Prevention

Steps to address the vulnerability and prevent exploitation.

Immediate Steps to Take

Deactivate system services web-management and security dynamic-vpn or limit HTTP service to trusted hosts.

Long-Term Security Practices

Regularly monitor logs for suspicious activities.
Practice secure network configurations and access control.

Patching and Updates

Update to fixed Junos OS versions provided by Juniper Networks.