Details of VAR-202104-0573

ID

VAR-202104-0573

CVE

CVE-2021-0232

TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

An authentication bypass vulnerability in the Juniper Networks Paragon Active Assurance Control Center may allow an attacker with specific information about the deployment to mimic an already registered Test Agent and access its configuration including associated inventory details. If the issue occurs, the affected Test Agent will not be able to connect to the Control Center. This issue affects Juniper Networks Paragon Active Assurance Control Center All versions prior to 2.35.6; 2.36 versions prior to 2.36.2. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Juniper Networks Paragon is an application software of Juniper Corporation in the United States. A real-time network topology view

Trust: 1.62

sources: NVD: CVE-2021-0232 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-372134 // VULMON: CVE-2021-0232

AFFECTED PRODUCTS

vendor:	juniper	model:	paragon active assurance control center	scope:	lt	version:	2.35.6	Trust: 1.0
vendor:	juniper	model:	paragon active assurance control center	scope:	lt	version:	2.36.2	Trust: 1.0
vendor:	juniper	model:	paragon active assurance control center	scope:	gte	version:	2.36	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	35	Trust: 1.0

sources: NVD: CVE-2021-0232

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-0232
value:	HIGH
Trust: 1.0
sirt@juniper.net:	CVE-2021-0232
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-1349
value:	HIGH
Trust: 0.6
VULHUB:	VHN-372134
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-0232
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-0232
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-372134
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-0232
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.2
version:	3.1
Trust: 2.0

sources: VULHUB: VHN-372134 // VULMON: CVE-2021-0232 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-1349 // NVD: CVE-2021-0232 // NVD: CVE-2021-0232

PROBLEMTYPE DATA

problemtype:	CWE-290	Trust: 1.1
problemtype:	CWE-284	Trust: 1.0

sources: VULHUB: VHN-372134 // NVD: CVE-2021-0232

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-1349

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:

Juniper Networks Paragon Fixes for access control error vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=148321

Trust: 0.6

sources: CNNVD: CNNVD-202104-1349

EXTERNAL IDS

db:	JUNIPER	id:	JSA11127	Trust: 1.8
db:	NVD	id:	CVE-2021-0232	Trust: 1.8
db:	CNNVD	id:	CNNVD-202104-1349	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021041908	Trust: 0.6
db:	VULHUB	id:	VHN-372134	Trust: 0.1
db:	VULMON	id:	CVE-2021-0232	Trust: 0.1

sources: VULHUB: VHN-372134 // VULMON: CVE-2021-0232 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-1349 // NVD: CVE-2021-0232

REFERENCES

url:	https://kb.juniper.net/jsa11127	Trust: 1.8
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tnpcv3krdi5plllkadfviohacqjlzmli/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tnpcv3krdi5plllkadfviohacqjlzmli/	Trust: 0.7
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-0232	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041908	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/668.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-372134 // VULMON: CVE-2021-0232 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-1349 // NVD: CVE-2021-0232

SOURCES

db:	VULHUB	id:	VHN-372134
db:	VULMON	id:	CVE-2021-0232
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202104-1349
db:	NVD	id:	CVE-2021-0232

LAST UPDATE DATE

2024-08-14T12:05:20.374000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-372134	date:	2022-09-20T00:00:00
db:	VULMON	id:	CVE-2021-0232	date:	2021-04-27T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202104-1349	date:	2022-09-21T00:00:00
db:	NVD	id:	CVE-2021-0232	date:	2023-11-07T03:27:21.980

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-372134	date:	2021-04-22T00:00:00
db:	VULMON	id:	CVE-2021-0232	date:	2021-04-22T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202104-1349	date:	2021-04-19T00:00:00
db:	NVD	id:	CVE-2021-0232	date:	2021-04-22T20:15:08.707