Details of VAR-202101-1391

ID

VAR-202101-1391

CVE

CVE-2021-0220

TITLE

Junos Space Network Management Platform Vulnerability regarding inadequate protection of credentials in

Trust: 0.8

sources: JVNDB: JVNDB-2021-002457

DESCRIPTION

The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser (for example via XSS) or access cached contents may be able to obtain a copy of credentials managed by Junos Space. The impact of a successful attack includes, but is not limited to, obtaining access to other servers connected to the Junos Space Management Platform. This issue affects Juniper Networks Junos Space versions prior to 20.3R1. The solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle. A security vulnerability exists in Junos OS that could allow an attacker to bypass access-restricted data to obtain sensitive information

Trust: 1.71

sources: NVD: CVE-2021-0220 // JVNDB: JVNDB-2021-002457 // VULHUB: VHN-372122

AFFECTED PRODUCTS

vendor:	juniper	model:	junos space	scope:	eq	version:	11.1	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	11.2	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	1.4	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	1.0	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	11.4	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	17.2	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	19.2	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	1.1	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	12.2	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	17.1	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	12.1	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	18.4	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	19.3	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	19.4	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	19.1	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	18.1r1	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	18.1	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	15.1	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	1.3	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	16.1	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	13.3	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	20.1	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	14.1	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	11.3	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	18.2	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	18.3	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	1.2	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	12.3	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	13.1	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	2.0	Trust: 1.0
vendor:	juniper	model:	junos space	scope:	eq	version:	15.2	Trust: 1.0
vendor:	ジュニパーネットワークス	model:	junos space	scope:	eq	version:	20.3r1	Trust: 0.8
vendor:	ジュニパーネットワークス	model:	junos space	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-002457 // NVD: CVE-2021-0220

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-0220
value:	LOW
Trust: 1.0
sirt@juniper.net:	CVE-2021-0220
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-0220
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202101-1121
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-372122
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-0220
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-372122
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sirt@juniper.net:	CVE-2021-0220
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	4.0
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2021-002457
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-372122 // JVNDB: JVNDB-2021-002457 // CNNVD: CNNVD-202101-1121 // NVD: CVE-2021-0220 // NVD: CVE-2021-0220

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	CWE-257	Trust: 1.0
problemtype:	Inadequate protection of credentials (CWE-522) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-372122 // JVNDB: JVNDB-2021-002457 // NVD: CVE-2021-0220

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1121

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202101-1121

PATCH

title:	JSA11110	url:	https://kb.juniper.net/JSA11110	Trust: 0.8
title:	Juniper Networks Junos OS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139558	Trust: 0.6

sources: JVNDB: JVNDB-2021-002457 // CNNVD: CNNVD-202101-1121

EXTERNAL IDS

db:	NVD	id:	CVE-2021-0220	Trust: 2.5
db:	JUNIPER	id:	JSA11110	Trust: 1.7
db:	JVNDB	id:	JVNDB-2021-002457	Trust: 0.8
db:	CNNVD	id:	CNNVD-202101-1121	Trust: 0.7
db:	VULHUB	id:	VHN-372122	Trust: 0.1

sources: VULHUB: VHN-372122 // JVNDB: JVNDB-2021-002457 // CNNVD: CNNVD-202101-1121 // NVD: CVE-2021-0220

REFERENCES

url:	https://kb.juniper.net/jsa11110	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-0220	Trust: 1.4
url:	https://vigilance.fr/vulnerability/juniper-junos-space-information-disclosure-via-clear-text-shared-secrets-34336	Trust: 0.6

sources: VULHUB: VHN-372122 // JVNDB: JVNDB-2021-002457 // CNNVD: CNNVD-202101-1121 // NVD: CVE-2021-0220

SOURCES

db:	VULHUB	id:	VHN-372122
db:	JVNDB	id:	JVNDB-2021-002457
db:	CNNVD	id:	CNNVD-202101-1121
db:	NVD	id:	CVE-2021-0220

LAST UPDATE DATE

2024-11-23T22:33:09.318000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-372122	date:	2021-01-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-002457	date:	2021-09-16T08:59:00
db:	CNNVD	id:	CNNVD-202101-1121	date:	2021-02-01T00:00:00
db:	NVD	id:	CVE-2021-0220	date:	2024-11-21T05:42:14.073

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-372122	date:	2021-01-15T00:00:00
db:	JVNDB	id:	JVNDB-2021-002457	date:	2021-09-16T00:00:00
db:	CNNVD	id:	CNNVD-202101-1121	date:	2021-01-13T00:00:00
db:	NVD	id:	CVE-2021-0220	date:	2021-01-15T18:15:15.667