ID

VAR-202104-0570


CVE

CVE-2021-0245


TITLE

Juniper Networks Junos OS Trust Management Issue Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-1035

DESCRIPTION

A Use of Hard-coded Credentials vulnerability in Juniper Networks Junos OS on Junos Fusion satellite devices allows an attacker who is local to the device to elevate their privileges and take control of the device. This issue affects: Juniper Networks Junos OS Junos Fusion Satellite Devices. 16.1 versions prior to 16.1R7-S7; 17.1 versions prior to 17.1R2-S12, 17.1R3-S2; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10; 17.4 version 17.4R3 and later versions; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S6, 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S4, 19.2R2; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R1-S1, 19.4R2; 20.1 versions prior to 20.1R1-S1, 20.1R2. This issue does not affected Junos OS releases prior to 16.1R1 or all 19.2R3 and 19.4R3 release versions

Trust: 1.08

sources: NVD: CVE-2021-0245 // VULHUB: VHN-372147 // VULMON: CVE-2021-0245

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:17.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:20.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:16.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:17.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.3

Trust: 1.0

sources: NVD: CVE-2021-0245

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-0245
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2021-0245
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202104-1035
value: HIGH

Trust: 0.6

VULHUB: VHN-372147
value: HIGH

Trust: 0.1

VULMON: CVE-2021-0245
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-0245
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-372147
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sirt@juniper.net: CVE-2021-0245
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-372147 // VULMON: CVE-2021-0245 // CNNVD: CNNVD-202104-1035 // NVD: CVE-2021-0245 // NVD: CVE-2021-0245

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.1

sources: VULHUB: VHN-372147 // NVD: CVE-2021-0245

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202104-1035

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202104-1035

PATCH

title:Juniper Networks Junos OS Repair measures for trust management problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=148282

Trust: 0.6

sources: CNNVD: CNNVD-202104-1035

EXTERNAL IDS

db:JUNIPERid:JSA11138

Trust: 1.8

db:NVDid:CVE-2021-0245

Trust: 1.8

db:CNNVDid:CNNVD-202104-1035

Trust: 0.6

db:VULHUBid:VHN-372147

Trust: 0.1

db:VULMONid:CVE-2021-0245

Trust: 0.1

sources: VULHUB: VHN-372147 // VULMON: CVE-2021-0245 // CNNVD: CNNVD-202104-1035 // NVD: CVE-2021-0245

REFERENCES

url:https://kb.juniper.net/jsa11138

Trust: 1.8

url:https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-35081

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-0245

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/798.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-372147 // VULMON: CVE-2021-0245 // CNNVD: CNNVD-202104-1035 // NVD: CVE-2021-0245

SOURCES

db:VULHUBid:VHN-372147
db:VULMONid:CVE-2021-0245
db:CNNVDid:CNNVD-202104-1035
db:NVDid:CVE-2021-0245

LAST UPDATE DATE

2024-08-14T13:43:34.428000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-372147date:2021-04-28T00:00:00
db:VULMONid:CVE-2021-0245date:2021-04-28T00:00:00
db:CNNVDid:CNNVD-202104-1035date:2021-04-29T00:00:00
db:NVDid:CVE-2021-0245date:2021-04-28T01:03:06.777

SOURCES RELEASE DATE

db:VULHUBid:VHN-372147date:2021-04-22T00:00:00
db:VULMONid:CVE-2021-0245date:2021-04-22T00:00:00
db:CNNVDid:CNNVD-202104-1035date:2021-04-14T00:00:00
db:NVDid:CVE-2021-0245date:2021-04-22T20:15:09.157