CVE-2021-0278

Summary

An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated attacker to escalate their privileges to root over the target device. junos:18.3R3-S5 junos:18.4R3-S9 junos:19.1R3-S6 junos:19.3R2-S6 junos:19.3R3-S3 junos:19.4R1-S4 junos:19.4R3-S4 junos:20.1R2-S2 junos:20.1R3 junos:20.2R3-S1 junos:20.3X75-D20 junos:20.3X75-D30 junos:20.4R2-S1 junos:20.4R3 junos:21.1R1-S1 junos:21.1R2 junos:21.2R1 junos:21.3R1 This issue affects: Juniper Networks Junos OS 19.3 versions 19.3R1 and above prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OSunspecified < 19.3R1unaffected
Juniper NetworksJunos OS19.3R1 < 19.3*affected
Juniper NetworksJunos OS19.4 < 19.4R3-S5affected
Juniper NetworksJunos OS20.1 < 20.1R2-S2, 20.1R3-S1affected
Juniper NetworksJunos OS20.2 < 20.2R3-S2affected
Juniper NetworksJunos OS20.3 < 20.3R3affected
Juniper NetworksJunos OS20.4 < 20.4R2-S1, 20.4R3affected
Juniper NetworksJunos OS21.1 < 21.1R1-S1, 21.1R2affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation
  • Privilege Escalation

Workarounds

There are no viable workarounds for this issue other than disabling J-Web.

To reduce the risk of exploitation of these issues, use access lists or firewall filters to limit access to only trusted administrative networks, hosts and users.

ADP Enrichment

CVE Program Container

Additional References

References