admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2021/0xxx/CVE-2021-0256.json
CVE Team c1c4ddc6c2
"-Synchronized-Data."
2021-04-22 20:00:45 +00:00

156 lines
6.8 KiB
JSON
Raw Blame History

{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0256",
"STATE": "PUBLIC",
"TITLE": "Junos OS: mosquitto Local Privilege Escalation vulnerability in SUID binaries"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "17.3",
"version_value": "17.3R3-S12"
},
{
"version_affected": "<",
"version_name": "17.4",
"version_value": "17.4R3-S4"
},
{
"version_affected": "<",
"version_name": "18.1",
"version_value": "18.1R3-S12"
},
{
"version_affected": "<",
"version_name": "18.3",
"version_value": "18.3R3-S4"
},
{
"version_affected": "<",
"version_name": "19.1",
"version_value": "19.1R3-S4"
},
{
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R3-S1, 19.3R3-S2"
},
{
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R2-S3"
},
{
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R2"
},
{
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R1-S3, 20.2R2, 20.2R3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Juniper SIRT would like to acknowledge and thank Ho\u00e0ng Th\u1ea1ch Nguy\u1ec5n (d4rkn3ss) of STAR Labs for responsibly reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A sensitive information disclosure vulnerability in the mosquitto message broker of Juniper Networks Junos OS may allow a locally authenticated user with shell access the ability to read portions of sensitive files, such as the master.passwd file. Since mosquitto is shipped with setuid permissions enabled and is owned by the root user, this vulnerability may allow a local privileged user the ability to run mosquitto with root privileges and access sensitive information stored on the local filesystem. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S12, 17.4 versions prior to 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.3 versions prior to 18.3R3-S4; 19.1 versions prior to 19.1R3-S4; 19.3 versions prior to 19.3R3-S1, 19.3R3-S2; 19.4 versions prior to 19.4R2-S3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S3, 20.2R2, 20.2R3."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250 Execution with Unnecessary Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11175",
"name": "https://kb.juniper.net/JSA11175"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 17.3R3-S12, 17.4R3-S4, 18.1R3-S12, 19.1R3-S4, 19.3R3-S1, 19.3R3-S2, 19.4R2-S3, 20.1R2, 20.2R1-S3, 20.2R2, 20.2R3, 20.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11175",
"defect": [
"1529211"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Use access lists or firewall filters to limit access to the device only from trusted hosts. Limit shell access to only trusted system administrators.\n"
}
]
}
Reference in New Issue View Git Blame Copy Permalink