Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2021-AVI-038
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Juniper Junos OS. Elles permettent à un attaquant de provoquer une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS | Junos OS versions antérieures à 15.1R7-S9, 17.3R3-S11, 17.4R2-S12, 17.4R3-S3, 18.1R3-S11, 18.2R3-S6, 18.3R3-S4, 18.4R2-S7, 18.4R3-S6, 19.1R2-S2, 19.1R3-S4, 19.2R1-S6, 19.2R3-S1, 19.3R3-S1, 19.4R2-S2, 19.4R3-S1, 20.1R1-S4, 20.1R2, 20.2R2 et 20.3R1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 15.1R7-S9, 17.3R3-S11, 17.4R2-S12, 17.4R3-S3, 18.1R3-S11, 18.2R3-S6, 18.3R3-S4, 18.4R2-S7, 18.4R3-S6, 19.1R2-S2, 19.1R3-S4, 19.2R1-S6, 19.2R3-S1, 19.3R3-S1, 19.4R2-S2, 19.4R3-S1, 20.1R1-S4, 20.1R2, 20.2R2 et 20.3R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-0223",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0223"
},
{
"name": "CVE-2021-0204",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0204"
}
],
"initial_release_date": "2021-01-15T00:00:00",
"last_revision_date": "2021-01-15T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-038",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-01-15T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Juniper Junos OS.\nElles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Junos OS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11114 du 15 janvier 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11114\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CVE-2021-0204 (GCVE-0-2021-0204)
Vulnerability from cvelistv5
Published
2021-01-15 17:35
Modified
2024-09-16 23:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-250 - Execution with Unnecessary Privileges
Summary
A sensitive information disclosure vulnerability in delta-export configuration utility (dexp) of Juniper Networks Junos OS may allow a locally authenticated shell user the ability to create and read database files generated by the dexp utility, including password hashes of local users. Since dexp is shipped with setuid permissions enabled and is owned by the root user, this vulnerability may allow a local privileged user the ability to run dexp with root privileges and access sensitive information in the dexp database. This issue affects Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S8; 15.1X49 versions prior to 15.1X49-D230; 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.2X75 versions prior to 18.2X75-D34; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R1-S5, 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3-S1; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3-S1; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S2, 20.2R2.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Version: 15.1 < 15.1R7-S8 Version: 15.1X49 < 15.1X49-D230 Version: 17.3 < 17.3R3-S9 Version: 17.4 < 17.4R2-S12, 17.4R3-S3 Version: 18.1 < 18.1R3-S11 Version: 18.2 < 18.2R3-S6 Version: 18.2X75 < 18.2X75-D34 Version: 18.3 < 18.3R3-S4 Version: 18.4 < 18.4R2-S7, 18.4R3-S6 Version: 19.1 < 19.1R1-S6, 19.1R2-S2, 19.1R3-S3 Version: 19.2 < 19.2R1-S5, 19.2R3-S1 Version: 19.3 < 19.3R2-S5, 19.3R3-S1 Version: 19.4 < 19.4R1-S3, 19.4R2-S2, 19.4R3-S1 Version: 20.1 < 20.1R1-S4, 20.1R2 Version: 20.2 < 20.2R1-S2, 20.2R2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11114"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "15.1R7-S8",
"status": "affected",
"version": "15.1",
"versionType": "custom"
},
{
"lessThan": "15.1X49-D230",
"status": "affected",
"version": "15.1X49",
"versionType": "custom"
},
{
"lessThan": "17.3R3-S9",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S12, 17.4R3-S3",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S11",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R3-S6",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.2X75-D34",
"status": "affected",
"version": "18.2X75",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S4",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R2-S7, 18.4R3-S6",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R1-S6, 19.1R2-S2, 19.1R3-S3",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S5, 19.2R3-S1",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S5, 19.3R3-S1",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R1-S3, 19.4R2-S2, 19.4R3-S1",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R1-S4, 20.1R2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R1-S2, 20.2R2",
"status": "affected",
"version": "20.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Juniper SIRT would like to acknowledge and thank Ho\u00e0ng Th\u1ea1ch Nguy\u1ec5n (d4rkn3ss) of STAR Labs for responsibly reporting this vulnerability."
}
],
"datePublic": "2021-01-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A sensitive information disclosure vulnerability in delta-export configuration utility (dexp) of Juniper Networks Junos OS may allow a locally authenticated shell user the ability to create and read database files generated by the dexp utility, including password hashes of local users. Since dexp is shipped with setuid permissions enabled and is owned by the root user, this vulnerability may allow a local privileged user the ability to run dexp with root privileges and access sensitive information in the dexp database. This issue affects Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S8; 15.1X49 versions prior to 15.1X49-D230; 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.2X75 versions prior to 18.2X75-D34; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R1-S5, 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3-S1; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3-S1; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S2, 20.2R2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-15T17:35:52",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11114"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1R7-S8, 15.1X49-D230, 17.3R3-S9, 17.4R2-S12, 17.4R3-S3, 18.1R3-S11, 18.2R3-S6, 18.2X75-D34, 18.3R3-S4, 18.4R2-S7, 18.4R3-S6, 19.1R1-S6, 19.1R2-S2, 19.1R3-S3, 19.2R1-S5, 19.2R3-S1, 19.3R2-S5, 19.3R3-S1, 19.4R1-S3, 19.4R2-S2, 19.4R3-S1, 20.1R1-S4, 20.1R2, 20.2R1-S2, 20.2R2, 20.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11114",
"defect": [
"1529210"
],
"discovery": "EXTERNAL"
},
"title": "Junos OS: dexp Local Privilege Escalation vulnerabilities in SUID binaries",
"workarounds": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit CLI access to the device only from trusted, administrative networks or hosts.\n\nLimit access to the Junos OS shell to only trusted system administrators."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-01-13T17:00:00.000Z",
"ID": "CVE-2021-0204",
"STATE": "PUBLIC",
"TITLE": "Junos OS: dexp Local Privilege Escalation vulnerabilities in SUID binaries"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "15.1",
"version_value": "15.1R7-S8"
},
{
"version_affected": "\u003c",
"version_name": "15.1X49",
"version_value": "15.1X49-D230"
},
{
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R3-S9"
},
{
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S12, 17.4R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S11"
},
{
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R3-S6"
},
{
"version_affected": "\u003c",
"version_name": "18.2X75",
"version_value": "18.2X75-D34"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2-S7, 18.4R3-S6"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R1-S6, 19.1R2-S2, 19.1R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S5, 19.3R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R1-S3, 19.4R2-S2, 19.4R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R1-S4, 20.1R2"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R1-S2, 20.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Juniper SIRT would like to acknowledge and thank Ho\u00e0ng Th\u1ea1ch Nguy\u1ec5n (d4rkn3ss) of STAR Labs for responsibly reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A sensitive information disclosure vulnerability in delta-export configuration utility (dexp) of Juniper Networks Junos OS may allow a locally authenticated shell user the ability to create and read database files generated by the dexp utility, including password hashes of local users. Since dexp is shipped with setuid permissions enabled and is owned by the root user, this vulnerability may allow a local privileged user the ability to run dexp with root privileges and access sensitive information in the dexp database. This issue affects Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S8; 15.1X49 versions prior to 15.1X49-D230; 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.2X75 versions prior to 18.2X75-D34; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R1-S5, 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3-S1; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3-S1; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S2, 20.2R2."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250 Execution with Unnecessary Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11114",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11114"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1R7-S8, 15.1X49-D230, 17.3R3-S9, 17.4R2-S12, 17.4R3-S3, 18.1R3-S11, 18.2R3-S6, 18.2X75-D34, 18.3R3-S4, 18.4R2-S7, 18.4R3-S6, 19.1R1-S6, 19.1R2-S2, 19.1R3-S3, 19.2R1-S5, 19.2R3-S1, 19.3R2-S5, 19.3R3-S1, 19.4R1-S3, 19.4R2-S2, 19.4R3-S1, 20.1R1-S4, 20.1R2, 20.2R1-S2, 20.2R2, 20.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11114",
"defect": [
"1529210"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit CLI access to the device only from trusted, administrative networks or hosts.\n\nLimit access to the Junos OS shell to only trusted system administrators."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0204",
"datePublished": "2021-01-15T17:35:52.863767Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-16T23:00:37.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-0223 (GCVE-0-2021-0223)
Vulnerability from cvelistv5
Published
2021-01-15 17:36
Modified
2024-09-17 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-250 - Execution with Unnecessary Privileges
Summary
A local privilege escalation vulnerability in telnetd.real of Juniper Networks Junos OS may allow a locally authenticated shell user to escalate privileges and execute arbitrary commands as root. telnetd.real is shipped with setuid permissions enabled and is owned by the root user, allowing local users to run telnetd.real with root privileges. This issue affects Juniper Networks Junos OS: all versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S4; 18.4 versions prior to 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R2.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Version: unspecified < 15.1R7-S9 Version: 17.3 < 17.3R3-S11 Version: 17.4 < 17.4R2-S12, 17.4R3-S3 Version: 18.1 < 18.1R3-S11 Version: 18.2 < 18.2R3-S6 Version: 18.3 < 18.3R2-S4, 18.3R3-S4 Version: 18.4 < 18.4R2-S7, 18.4R3-S6 Version: 19.1 < 19.1R2-S2, 19.1R3-S4 Version: 19.2 < 19.2R1-S6, 19.2R3-S1 Version: 19.3 < 19.3R3-S1 Version: 19.4 < 19.4R2-S2, 19.4R3 Version: 20.1 < 20.1R1-S4, 20.1R2 Version: 20.2 < 20.2R2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11114"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "15.1R7-S9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "17.3R3-S11",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S12, 17.4R3-S3",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S11",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R3-S6",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R2-S4, 18.3R3-S4",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R2-S7, 18.4R3-S6",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R2-S2, 19.1R3-S4",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S6, 19.2R3-S1",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S1",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R2-S2, 19.4R3",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R1-S4, 20.1R2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R2",
"status": "affected",
"version": "20.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Juniper SIRT would like to acknowledge and thank Ho\u00e0ng Th\u1ea1ch Nguy\u1ec5n (d4rkn3ss) of STAR Labs for responsibly reporting this vulnerability."
}
],
"datePublic": "2021-01-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A local privilege escalation vulnerability in telnetd.real of Juniper Networks Junos OS may allow a locally authenticated shell user to escalate privileges and execute arbitrary commands as root. telnetd.real is shipped with setuid permissions enabled and is owned by the root user, allowing local users to run telnetd.real with root privileges. This issue affects Juniper Networks Junos OS: all versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S4; 18.4 versions prior to 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-15T17:36:03",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11114"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1R7-S9*, 17.3R3-S11*, 17.4R2-S12, 17.4R3-S3, 18.1R3-S11, 18.2R3-S6, 18.3R2-S4, 18.3R3-S4, 18.4R2-S7, 18.4R3-S6, 19.1R2-S2, 19.1R3-S4, 19.2R1-S6, 19.2R3-S1, 19.3R3-S1, 19.4R2-S2, 19.4R3, 20.1R1-S4, 20.1R2, 20.2R2, 20.3R1, and all subsequent releases.\n\n*Late availability"
}
],
"source": {
"advisory": "JSA11114",
"defect": [
"1525318"
],
"discovery": "EXTERNAL"
},
"title": "Junos OS: telnetd.real Local Privilege Escalation vulnerabilities in SUID binaries",
"workarounds": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit CLI access to the device only from trusted, administrative networks or hosts.\n\nLimit access to the Junos OS shell to only trusted system administrators."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-01-13T17:00:00.000Z",
"ID": "CVE-2021-0223",
"STATE": "PUBLIC",
"TITLE": "Junos OS: telnetd.real Local Privilege Escalation vulnerabilities in SUID binaries"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "15.1R7-S9"
},
{
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R3-S11"
},
{
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S12, 17.4R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S11"
},
{
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R3-S6"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R2-S4, 18.3R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2-S7, 18.4R3-S6"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R2-S2, 19.1R3-S4"
},
{
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S6, 19.2R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R2-S2, 19.4R3"
},
{
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R1-S4, 20.1R2"
},
{
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Juniper SIRT would like to acknowledge and thank Ho\u00e0ng Th\u1ea1ch Nguy\u1ec5n (d4rkn3ss) of STAR Labs for responsibly reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local privilege escalation vulnerability in telnetd.real of Juniper Networks Junos OS may allow a locally authenticated shell user to escalate privileges and execute arbitrary commands as root. telnetd.real is shipped with setuid permissions enabled and is owned by the root user, allowing local users to run telnetd.real with root privileges. This issue affects Juniper Networks Junos OS: all versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S4; 18.4 versions prior to 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R2."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250 Execution with Unnecessary Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11114",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11114"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 15.1R7-S9*, 17.3R3-S11*, 17.4R2-S12, 17.4R3-S3, 18.1R3-S11, 18.2R3-S6, 18.3R2-S4, 18.3R3-S4, 18.4R2-S7, 18.4R3-S6, 19.1R2-S2, 19.1R3-S4, 19.2R1-S6, 19.2R3-S1, 19.3R3-S1, 19.4R2-S2, 19.4R3, 20.1R1-S4, 20.1R2, 20.2R2, 20.3R1, and all subsequent releases.\n\n*Late availability"
}
],
"source": {
"advisory": "JSA11114",
"defect": [
"1525318"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit CLI access to the device only from trusted, administrative networks or hosts.\n\nLimit access to the Junos OS shell to only trusted system administrators."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0223",
"datePublished": "2021-01-15T17:36:03.281858Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-17T00:46:49.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…