Multiple vulnerabilities in Juniper Networks Mist Access Point

Published: 2021-05-12

Risk	Low
Patch available	YES
Number of vulnerabilities	8
CVE-ID	CVE-2020-26145 CVE-2020-26141 CVE-2020-26142 CVE-2020-26139 CVE-2020-26147 CVE-2020-26146 CVE-2020-26143 CVE-2020-26140
CWE-ID	CWE-20
Exploitation vector	Local network
Public exploit	N/A
Vulnerable software	Mist Access Point Hardware solutions / Routers & switches, VoIP, GSM, etc AP21 Hardware solutions / Routers & switches, VoIP, GSM, etc AP41 Hardware solutions / Routers & switches, VoIP, GSM, etc AP61 Hardware solutions / Routers & switches, VoIP, GSM, etc AP43 Hardware solutions / Routers & switches, VoIP, GSM, etc AP63 Hardware solutions / Routers & switches, VoIP, GSM, etc AP12 Hardware solutions / Routers & switches, VoIP, GSM, etc AP32 Hardware solutions / Routers & switches, VoIP, GSM, etc AP33 Hardware solutions / Routers & switches, VoIP, GSM, etc
Vendor	Juniper Networks, Inc.

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU53155

Risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-26145

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. A remote attacker on the local network can inject arbitrary network packets independent of the network configuration.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Mist Access Point: 0.5 - 0.9

AP21: All versions

AP41: All versions

AP61: All versions

AP43: All versions

AP63: All versions

AP12: All versions

AP32: All versions

AP33: All versions

CPE2.3

External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11170&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU53176

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-26141

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. A remote attacker on the local network can inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Mist Access Point: 0.5 - 0.9

AP21: All versions

AP41: All versions

AP61: All versions

AP43: All versions

AP63: All versions

AP12: All versions

AP32: All versions

AP33: All versions

CPE2.3

External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11170&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU53175

Risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-26142

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. A remote attacker on the local network can inject arbitrary network packets, independent of the network configuration.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Mist Access Point: 0.5 - 0.9

AP21: All versions

AP41: All versions

AP61: All versions

AP43: All versions

AP63: All versions

AP12: All versions

AP32: All versions

AP33: All versions

CPE2.3

External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11170&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU53174

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-26139

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to forwarding EAPOL frames even though the sender is not yet authenticated. A remote attacker on the local network can cause a denial of service (DoS) condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Mist Access Point: 0.5 - 0.9

AP21: All versions

AP41: All versions

AP61: All versions

AP43: All versions

AP63: All versions

AP12: All versions

AP32: All versions

AP33: All versions

CPE2.3

External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11170&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU53172

Risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-26147

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. A remote attacker on the local network can inject packets and/or exfiltrate selected fragments

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Mist Access Point: 0.5 - 0.9

AP21: All versions

AP41: All versions

AP61: All versions

AP43: All versions

AP63: All versions

AP12: All versions

AP32: All versions

AP33: All versions

CPE2.3

External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11170&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU53167

Risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-26146

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. A remote attacker on the local network can exfiltrate selected fragments.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Mist Access Point: 0.5 - 0.9

AP21: All versions

AP41: All versions

AP61: All versions

AP43: All versions

AP63: All versions

AP12: All versions

AP32: All versions

AP33: All versions

CPE2.3

External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11170&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU53166

Risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-26143

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. A remote attacker on the local network can inject arbitrary data frames independent of the network configuration.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Mist Access Point: 0.5 - 0.9

AP21: All versions

AP41: All versions

AP61: All versions

AP43: All versions

AP63: All versions

AP12: All versions

AP32: All versions

AP33: All versions

CPE2.3

External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11170&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Input validation error

EUVDB-ID: #VU53161

Risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-26140

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. A remote attacker on the local network can inject arbitrary data frames independent of the network configuration.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Mist Access Point: 0.5 - 0.9

AP21: All versions

AP41: All versions

AP61: All versions

AP43: All versions

AP63: All versions

AP12: All versions

AP32: All versions

AP33: All versions

CPE2.3

External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11170&cat=SIRT_1&actp=LIST

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.