admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2021/0xxx/CVE-2021-0252.json

157 lines
6.7 KiB
JSON
Raw Normal View History

"-Synchronized-Data."
2020-10-27 14:01:52 +00:00
{
"CVE_data_meta": {
Juniper JSA publication 2021-04. See https://advisory.juniper.net for more information. Juniper JSA publication 2021-04. See https://advisory.juniper.net for more information.
2021-04-22 13:31:05 -06:00
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"-Synchronized-Data."
2020-10-27 14:01:52 +00:00
"ID": "CVE-2021-0252",
Juniper JSA publication 2021-04. See https://advisory.juniper.net for more information. Juniper JSA publication 2021-04. See https://advisory.juniper.net for more information.
2021-04-22 13:31:05 -06:00
"STATE": "PUBLIC",
"TITLE": "Junos OS: NFX Series: Local Code Execution Vulnerability in JDMD Leads to Privilege Escalation"
"-Synchronized-Data."
2020-10-27 14:01:52 +00:00
},
Juniper JSA publication 2021-04. See https://advisory.juniper.net for more information. Juniper JSA publication 2021-04. See https://advisory.juniper.net for more information.
2021-04-22 13:31:05 -06:00
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "NFX Series",
"version_affected": ">=",
"version_name": "18.1",
"version_value": "18.1R1"
},
{
"platform": "NFX Series",
"version_affected": "<",
"version_name": "18.2",
"version_value": "18.2R3-S5"
},
{
"platform": "NFX Series",
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R2-S4, 18.3R3-S3"
},
{
"platform": "NFX Series",
"version_affected": "<",
"version_name": "18.4",
"version_value": "18.4R2-S5, 18.4R3-S4"
},
{
"platform": "NFX Series",
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R1-S3, 19.1R2"
},
{
"platform": "NFX Series",
"version_affected": "<",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R2"
},
{
"version_affected": "!<",
"version_value": "18.1R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "There is no specific software configuration required to be affected by this issue on affected platforms and products."
}
],
"credit": [
{
"lang": "eng",
"value": "Loic RESTOUX from Orange group"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"-Synchronized-Data."
2020-10-27 14:01:52 +00:00
"description": {
"description_data": [
{
"lang": "eng",
"-Synchronized-Data."
2021-04-22 20:00:45 +00:00
"value": "NFX Series devices using Juniper Networks Junos OS are susceptible to a local code execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon (JDMD) process. This issue affects Juniper Networks Junos OS on NFX Series: 18.1 version 18.1R1 and later versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S5, 19.2R2. This issue does not affect: Juniper Networks Junos OS versions prior to 18.1R1. This issue does not affect the JDMD as used by Junos Node Slicing such as External Servers use in conjunction with Junos Node Slicing and In-Chassis Junos Node Slicing on MX480, MX960, MX2008, MX2010, MX2020."
"-Synchronized-Data."
2020-10-27 14:01:52 +00:00
}
]
Juniper JSA publication 2021-04. See https://advisory.juniper.net for more information. Juniper JSA publication 2021-04. See https://advisory.juniper.net for more information.
2021-04-22 13:31:05 -06:00
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of these vulnerabilities."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"
}
]
}
]
},
"references": {
"reference_data": [
{
"-Synchronized-Data."
2021-04-22 20:00:45 +00:00
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11145",
"name": "https://kb.juniper.net/JSA11145"
Juniper JSA publication 2021-04. See https://advisory.juniper.net for more information. Juniper JSA publication 2021-04. See https://advisory.juniper.net for more information.
2021-04-22 13:31:05 -06:00
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS: 18.2R3-S5, 18.3R2-S4, 18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R1-S3, 19.1R2, 19.2R1-S5, 19.2R2, 19.3R1 and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11145",
"defect": [
"1452147"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for these issue.\n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted administrative networks, hosts and users."
}
]
"-Synchronized-Data."
2020-10-27 14:01:52 +00:00
}
Reference in New Issue Copy Permalink