CVE-2021-0260

Summary

An improper authorization vulnerability in the Simple Network Management Protocol daemon (snmpd) service of Juniper Networks Junos OS leads an unauthenticated attacker being able to perform SNMP read actions, an Exposure of System Data to an Unauthorized Control Sphere, or write actions to OIDs that support write operations, against the device without authentication. This issue affects: Juniper Networks Junos OS: 17.2 version 17.2R1 and later versions; 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S5; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R1-S8, 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S6, 19.2R2; 19.3 versions prior to 19.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R1.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OSunspecified < 17.2R1unaffected
Juniper NetworksJunos OS17.2R1 < 17.2*affected
Juniper NetworksJunos OS17.3 < 17.3R3-S9affected
Juniper NetworksJunos OS17.4 < 17.4R2-S12, 17.4R3-S5affected
Juniper NetworksJunos OS18.1 < 18.1R3-S13affected
Juniper NetworksJunos OS18.2 < 18.2R3-S8affected
Juniper NetworksJunos OS18.3 < 18.3R3-S5affected
Juniper NetworksJunos OS18.4 < 18.4R1-S8, 18.4R2-S5, 18.4R3affected
Juniper NetworksJunos OS19.1 < 19.1R2affected
Juniper NetworksJunos OS19.2 < 19.2R1-S6, 19.2R2affected
Juniper NetworksJunos OS19.3 < 19.3R2affected

Weaknesses

  • CWE-285: CWE-285 Improper Authorization
  • CWE-497: CWE-497 Exposure of System Data to an Unauthorized Control Sphere

Workarounds

The following workaround command will disable SNMP support for the mgmt_junos routing interface and protect the device from being exploited:

set snmp disable-mgmt-junos-support

ADP Enrichment

CVE Program Container

Additional References

References