ID

VAR-202104-0551


CVE

CVE-2021-0268


TITLE

Juniper Networks Junos OS Injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-1012

DESCRIPTION

An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness in J-Web of Juniper Networks Junos OS leads to buffer overflows, segmentation faults, or other impacts, which allows an attacker to modify the integrity of the device and exfiltrate information from the device without authentication. The weakness can be exploited to facilitate cross-site scripting (XSS), cookie manipulation (modifying session cookies, stealing cookies) and more. This weakness can also be exploited by directing a user to a seemingly legitimate link from the affected site. The attacker requires no special access or permissions to the device to carry out such attacks. This issue affects: Juniper Networks Junos OS: 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S3; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.1R1. The operating system provides a secure programming interface and Junos SDK. There is a security vulnerability in Junos OS, and no relevant information about this vulnerability is available at present. Please pay attention to CNNVD or manufacturer announcements at any time.

Trust: 1.08

sources: NVD: CVE-2021-0268 // VULHUB: VHN-372170 // VULMON: CVE-2021-0268

AFFECTED PRODUCTS

vendor: juniper // model: junos // scope: eq // version: 19.2

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 20.1

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 18.2

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 18.3

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 18.4

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 19.3

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 19.4

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 19.1

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 18.1

Trust: 1.0

sources: NVD: CVE-2021-0268

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-0268
value: CRITICAL

Trust: 1.0

sirt@juniper.net: CVE-2021-0268
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202104-1012
value: CRITICAL

Trust: 0.6

VULHUB: VHN-372170
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-0268
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-0268
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-372170
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-0268
baseSeverity: CRITICAL
baseScore: 9.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.8
version: 3.1

Trust: 1.0

sirt@juniper.net: CVE-2021-0268
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 5.3
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-372170 // VULMON: CVE-2021-0268 // CNNVD: CNNVD-202104-1012 // NVD: CVE-2021-0268 // NVD: CVE-2021-0268

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.1

problemtype:CWE-79

Trust: 1.0

problemtype:CWE-120

Trust: 1.0

problemtype:CWE-113

Trust: 1.0

sources: VULHUB: VHN-372170 // NVD: CVE-2021-0268

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-1012

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202104-1012

PATCH

title: Juniper Networks Junos OS Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=150737

Trust: 0.6

sources: CNNVD: CNNVD-202104-1012

EXTERNAL IDS

db: NVD // id: CVE-2021-0268

Trust: 1.8

db: JUNIPER // id: JSA11159

Trust: 1.8

db: AUSCERT // id: ESB-2021.1814

Trust: 0.6

db: CNNVD // id: CNNVD-202104-1012

Trust: 0.6

db: VULHUB // id: VHN-372170

Trust: 0.1

db: VULMON // id: CVE-2021-0268

Trust: 0.1

sources: VULHUB: VHN-372170 // VULMON: CVE-2021-0268 // CNNVD: CNNVD-202104-1012 // NVD: CVE-2021-0268

REFERENCES

url:https://kb.juniper.net/jsa11159

Trust: 1.8

url:https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-35081

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-0268

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1814

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/120.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-372170 // VULMON: CVE-2021-0268 // CNNVD: CNNVD-202104-1012 // NVD: CVE-2021-0268

SOURCES

db: VULHUB // id: VHN-372170
db: VULMON // id: CVE-2021-0268
db: CNNVD // id: CNNVD-202104-1012
db: NVD // id: CVE-2021-0268

LAST UPDATE DATE

2024-11-23T22:25:05.545000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-372170 // date: 2022-08-05T00:00:00
db: VULMON // id: CVE-2021-0268 // date: 2021-04-28T00:00:00
db: CNNVD // id: CNNVD-202104-1012 // date: 2022-08-10T00:00:00
db: NVD // id: CVE-2021-0268 // date: 2024-11-21T05:42:21.720

SOURCES RELEASE DATE

db: VULHUB // id: VHN-372170 // date: 2021-04-22T00:00:00
db: VULMON // id: CVE-2021-0268 // date: 2021-04-22T00:00:00
db: CNNVD // id: CNNVD-202104-1012 // date: 2021-04-14T00:00:00
db: NVD // id: CVE-2021-0268 // date: 2021-04-22T20:15:09.943