ID

VAR-202101-1389


CVE

CVE-2021-0218


TITLE

OS command injection vulnerability in Juniper Networks Junos OS

Trust: 0.8

sources: JVNDB: JVNDB-2021-002455

DESCRIPTION

A command injection vulnerability in the license-check daemon of Juniper Networks Junos OS may allow a locally authenticated attacker with low privileges to execute commands with root privilege. license-check is a daemon used to manage licenses in Junos OS. To update licenses, a user executes the command 'request system license update' via the CLI. An attacker with access to this CLI command may be able to exploit the vulnerability. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S2, 20.2R2. Juniper Networks Junos OS is a network operating system from Juniper Networks, dedicated to the company's hardware equipment. The operating system provides a secure programming interface and the Junos SDK.

Trust: 1.71

sources: NVD: CVE-2021-0218 // JVNDB: JVNDB-2021-002455 // VULHUB: VHN-372120

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 17.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.3

Trust: 1.0

vendor: Juniper Networks, model: junos os, scope: eq, version: -

Trust: 0.8

vendor: Juniper Networks, model: junos os, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-002455 // NVD: CVE-2021-0218

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-0218
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2021-0218
value: HIGH

Trust: 1.0

NVD: CVE-2021-0218
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202101-1118
value: HIGH

Trust: 0.6

VULHUB: VHN-372120
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-0218
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-372120
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sirt@juniper.net: CVE-2021-0218
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2021-002455
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-372120 // JVNDB: JVNDB-2021-002455 // CNNVD: CNNVD-202101-1118 // NVD: CVE-2021-0218 // NVD: CVE-2021-0218

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype: OS Command injection (CWE-78) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-372120 // JVNDB: JVNDB-2021-002455 // NVD: CVE-2021-0218

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202101-1118

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202101-1118

PATCH

title: JSA11108, url: https://kb.juniper.net/JSA11108

Trust: 0.8

sources: JVNDB: JVNDB-2021-002455

EXTERNAL IDS

db: NVD, id: CVE-2021-0218

Trust: 2.5

db: JUNIPER, id: JSA11108

Trust: 1.7

db: JVNDB, id: JVNDB-2021-002455

Trust: 0.8

db: CNNVD, id: CNNVD-202101-1118

Trust: 0.7

db: VULHUB, id: VHN-372120

Trust: 0.1

sources: VULHUB: VHN-372120 // JVNDB: JVNDB-2021-002455 // CNNVD: CNNVD-202101-1118 // NVD: CVE-2021-0218

REFERENCES

url:https://kb.juniper.net/jsa11108

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-0218

Trust: 1.4

url:https://vigilance.fr/vulnerability/junos-os-privilege-escalation-via-license-check-daemon-34334

Trust: 0.6

sources: VULHUB: VHN-372120 // JVNDB: JVNDB-2021-002455 // CNNVD: CNNVD-202101-1118 // NVD: CVE-2021-0218

SOURCES

db: VULHUB, id: VHN-372120
db: JVNDB, id: JVNDB-2021-002455
db: CNNVD, id: CNNVD-202101-1118
db: NVD, id: CVE-2021-0218

LAST UPDATE DATE

2024-08-14T15:38:11.689000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-372120, date: 2021-02-05T00:00:00
db: JVNDB, id: JVNDB-2021-002455, date: 2021-09-16T08:59:00
db: CNNVD, id: CNNVD-202101-1118, date: 2021-01-25T00:00:00
db: NVD, id: CVE-2021-0218, date: 2021-02-05T16:49:04.023

SOURCES RELEASE DATE

db: VULHUB, id: VHN-372120, date: 2021-01-15T00:00:00
db: JVNDB, id: JVNDB-2021-002455, date: 2021-09-16T00:00:00
db: CNNVD, id: CNNVD-202101-1118, date: 2021-01-13T00:00:00
db: NVD, id: CVE-2021-0218, date: 2021-01-15T18:15:15.510