admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2021/31xxx/CVE-2021-31350.json

176 lines
8.3 KiB
JSON
Raw Normal View History

"-Synchronized-Data."
2021-04-15 18:00:44 +00:00
{
"CVE_data_meta": {
Juniper-2021-10-13 CVE publications
2021-10-19 18:05:14 +02:00
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
"-Synchronized-Data."
2021-04-15 18:00:44 +00:00
"ID": "CVE-2021-31350",
Juniper-2021-10-13 CVE publications
2021-10-19 18:05:14 +02:00
"STATE": "PUBLIC",
"TITLE": "Junos OS and Junos OS Evolved: Privilege escalation vulnerability in Juniper Extension Toolkit (JET)"
"-Synchronized-Data."
2021-04-15 18:00:44 +00:00
},
Juniper-2021-10-13 CVE publications
2021-10-19 18:05:14 +02:00
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R1-S8, 18.4R2-S8, 18.4R3-S8"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R2-S3, 19.1R3-S5"
},
{
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S7, 19.2R3-S2"
},
{
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2-S6, 19.3R3-S2"
},
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R1-S4, 19.4R2-S4, 19.4R3-S3"
},
{
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R2-S2, 20.1R3"
},
{
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R2-S3, 20.2R3"
},
{
"version_affected": "<",
"version_name": "20.3",
"version_value": "20.3R2-S1, 20.3R3"
},
{
"version_affected": "<",
"version_name": "20.4",
"version_value": "20.4R2"
},
{
"version_affected": "!<",
"version_value": "18.4R1"
}
]
}
},
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "20.4R2-EVO"
},
{
"version_affected": "<",
"version_name": "21.1-EVO",
"version_value": "21.1R2-EVO"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The following is an example of enabling gRPC in Junos:\n\n set system services extension-service request-response grpc ssl\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"-Synchronized-Data."
2021-04-15 18:00:44 +00:00
"description": {
"description_data": [
{
"lang": "eng",
"-Synchronized-Data."
2021-10-19 19:01:03 +00:00
"value": "An Improper Privilege Management vulnerability in the gRPC framework, used by the Juniper Extension Toolkit (JET) API on Juniper Networks Junos OS and Junos OS Evolved, allows a network-based, low-privileged authenticated attacker to perform operations as root, leading to complete compromise of the targeted system. The issue is caused by the JET service daemon (jsd) process authenticating the user, then passing configuration operations directly to the management daemon (mgd) process, which runs as root. This issue affects Juniper Networks Junos OS: 18.4 versions prior to 18.4R1-S8, 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R2-S3, 19.1R3-S5; 19.2 versions prior to 19.2R1-S7, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.4R1. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-EVO; 21.1-EVO versions prior to 21.1R2-EVO."
"-Synchronized-Data."
2021-04-15 18:00:44 +00:00
}
]
Juniper-2021-10-13 CVE publications
2021-10-19 18:05:14 +02:00
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11215",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11215"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS 18.4R1-S8, 18.4R2-S8, 18.4R3-S8, 19.1R2-S3, 19.1R3-S5, 19.2R1-S7, 19.2R3-S2, 19.3R2-S6, 19.3R3-S2, 19.4R1-S4, 19.4R2-S4, 19.4R3-S3, 20.1R2-S2, 20.1R3, 20.2R2-S3, 20.2R3, 20.3R2-S1, 20.3R3, 20.4R2, 21.1R1, and all subsequent releases.\n\nJunos OS Evolved 20.4R2-EVO, 21.1R2-EVO, 21.2R1-EVO, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11215",
"defect": [
"1578302"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Use access lists or firewall filters to limit access to the device via gRPC only from trusted hosts and from trusted administrators\n"
}
]
"-Synchronized-Data."
2021-04-15 18:00:44 +00:00
}
Reference in New Issue Copy Permalink