CVE-2021-31360
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
An improper privilege management vulnerability in the Juniper Networks Junos OS and Junos OS Evolved command-line interpreter (CLI) allows a low-privileged user to overwrite local files as root, possibly leading to a system integrity issue or Denial of Service (DoS). Depending on the files overwritten, exploitation of this vulnerability could lead to a sustained Denial of Service (DoS) condition, requiring manual user intervention to recover. Systems are only vulnerable if jdhcpd is running, which can be confirmed via the 'show system processes' command. For example: root@host# run show system processes extensive | match dhcp 26537 root -16 0 97568K 13692K RUN 0 0:01 3.71% jdhcpd This issue affects: Juniper Networks Junos OS: All versions, including the following supported releases: 15.1 versions prior to 15.1R7-S10; 17.4 versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO; All versions of 21.1-EVO.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Juniper Networks | Junos OS | 15.1 < 15.1R7-S10 | affected |
| Juniper Networks | Junos OS | 17.4 < 17.4R3-S5 | affected |
| Juniper Networks | Junos OS | 18.3 < 18.3R3-S5 | affected |
| Juniper Networks | Junos OS | 18.4 < 18.4R3-S9 | affected |
| Juniper Networks | Junos OS | 19.1 < 19.1R3-S6 | affected |
| Juniper Networks | Junos OS | 19.2 < 19.2R1-S7, 19.2R3-S3 | affected |
| Juniper Networks | Junos OS | 19.3 < 19.3R2-S6, 19.3R3-S3 | affected |
| Juniper Networks | Junos OS | 19.4 < 19.4R3-S6 | affected |
| Juniper Networks | Junos OS | 20.1 < 20.1R2-S2, 20.1R3-S1 | affected |
| Juniper Networks | Junos OS | 20.2 < 20.2R3-S2 | affected |
| Juniper Networks | Junos OS | 20.3 < 20.3R3 | affected |
| Juniper Networks | Junos OS | 20.4 < 20.4R2-S1, 20.4R3 | affected |
| Juniper Networks | Junos OS | 21.1 < 21.1R1-S1, 21.1R2 | affected |
| Juniper Networks | Junos OS Evolved | unspecified < 20.4R2-S3-EVO | affected |
| Juniper Networks | Junos OS Evolved | 21.1R1-EVO < 21.1* | affected |
Weaknesses
- CWE-269: CWE-269 Improper Privilege Management
- CWE-20: CWE-20 Improper Input Validation
- Denial of Service (DoS)
Workarounds
Use access lists or firewall filters to limit access to the device via CLI only from trusted hosts and from trusted administrators.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.