SB2021051212 - Multiple vulnerabilities in Juniper Networks Mist Access Point

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2020-26145)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. A remote attacker on the local network can inject arbitrary network packets independent of the network configuration.

2) Input validation error (CVE-ID: CVE-2020-26141)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. A remote attacker on the local network can inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.

3) Input validation error (CVE-ID: CVE-2020-26142)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. A remote attacker on the local network can inject arbitrary network packets, independent of the network configuration.

4) Input validation error (CVE-ID: CVE-2020-26139)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to forwarding EAPOL frames even though the sender is not yet authenticated. A remote attacker on the local network can cause a denial of service (DoS) condition on the target system.

5) Input validation error (CVE-ID: CVE-2020-26147)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. A remote attacker on the local network can inject packets and/or exfiltrate selected fragments

6) Input validation error (CVE-ID: CVE-2020-26146)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. A remote attacker on the local network can exfiltrate selected fragments.

7) Input validation error (CVE-ID: CVE-2020-26143)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. A remote attacker on the local network can inject arbitrary data frames independent of the network configuration.

8) Input validation error (CVE-ID: CVE-2020-26140)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. A remote attacker on the local network can inject arbitrary data frames independent of the network configuration.

Remediation

Install update from vendor's website.

References

• https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11170&cat=SIRT_1&actp=LIST
• https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11170&cat=SIRT_1&actp=LIST