Rewterz Threat Advisory – CVE-2020-12025 – ICS: Rockwell Automation Logix Designer Studio 5000
July 10, 2020
Rewterz Threat Advisory – CVE-2020-3974 – VMware XPC Client validation privilege escalation vulnerability
July 10, 2020
Severity
High
Analysis Summary
On Juniper Networks SRX Series devices with the ICAP (Internet Content Adaptation Protocol) redirect service enabled, a double free vulnerability can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) when a specific HTTP message is processed. The offending HTTP message may originate from either the HTTP server or the client.
Impact
- Denial of Service
- Remote Code Execution
Affected Vendors
Juniper
Affected Products
- Junos OS 18.1
- 18.2
- 18.3
- 18.4
- 19.1
- 19.2
- 19.3
Remediation
Refer to the Juniper advisory for the list of respective patches.
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11034&cat=SIRT_1&actp=LIST