ID

VAR-202104-0581


CVE

CVE-2021-0255


TITLE

Juniper Networks Junos OS Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202104-1026

DESCRIPTION

A local privilege escalation vulnerability in ethtraceroute of Juniper Networks Junos OS may allow a locally authenticated user with shell access to escalate privileges and write to the local filesystem as root. ethtraceroute is shipped with setuid permissions enabled and is owned by the root user, allowing local users to run ethtraceroute with root privileges.

This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D240; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S7; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S1.

Juniper Networks Junos OS is a network operating system from Juniper Networks dedicated to the company's hardware equipment. The operating system provides a secure programming interface and the Junos SDK. There is a security vulnerability in Junos OS. No further information about this vulnerability is available at present; follow CNNVD or vendor announcements for updates.

Trust: 1.08

sources: NVD: CVE-2021-0255 // VULHUB: VHN-372157 // VULMON: CVE-2021-0255

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 17.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.3

Trust: 1.0

sources: NVD: CVE-2021-0255

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-0255
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2021-0255
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202104-1026
value: HIGH

Trust: 0.6

VULHUB: VHN-372157
value: HIGH

Trust: 0.1

VULMON: CVE-2021-0255
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-0255
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-372157
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-0255
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sirt@juniper.net: CVE-2021-0255
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-372157 // VULMON: CVE-2021-0255 // CNNVD: CNNVD-202104-1026 // NVD: CVE-2021-0255 // NVD: CVE-2021-0255

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.1

problemtype:CWE-250

Trust: 1.0

sources: VULHUB: VHN-372157 // NVD: CVE-2021-0255

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202104-1026

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-1026

PATCH

title: Juniper Networks Junos OS Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=148820

Trust: 0.6

sources: CNNVD: CNNVD-202104-1026

EXTERNAL IDS

db: NVD, id: CVE-2021-0255

Trust: 1.8

db: JUNIPER, id: JSA11175

Trust: 1.8

db: CNNVD, id: CNNVD-202104-1026

Trust: 0.6

db: VULHUB, id: VHN-372157

Trust: 0.1

db: VULMON, id: CVE-2021-0255

Trust: 0.1

sources: VULHUB: VHN-372157 // VULMON: CVE-2021-0255 // CNNVD: CNNVD-202104-1026 // NVD: CVE-2021-0255

REFERENCES

url: https://kb.juniper.net/jsa11175

Trust: 1.8

url: https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-35081

Trust: 0.6

url: https://nvd.nist.gov/vuln/detail/cve-2021-0255

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/269.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-372157 // VULMON: CVE-2021-0255 // CNNVD: CNNVD-202104-1026 // NVD: CVE-2021-0255

SOURCES

db: VULHUB, id: VHN-372157
db: VULMON, id: CVE-2021-0255
db: CNNVD, id: CNNVD-202104-1026
db: NVD, id: CVE-2021-0255

LAST UPDATE DATE

2024-08-14T13:23:39.516000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-372157, date: 2021-04-28T00:00:00
db: VULMON, id: CVE-2021-0255, date: 2021-04-28T00:00:00
db: CNNVD, id: CNNVD-202104-1026, date: 2021-04-29T00:00:00
db: NVD, id: CVE-2021-0255, date: 2021-04-28T22:38:04.827

SOURCES RELEASE DATE

db: VULHUB, id: VHN-372157, date: 2021-04-22T00:00:00
db: VULMON, id: CVE-2021-0255, date: 2021-04-22T00:00:00
db: CNNVD, id: CNNVD-202104-1026, date: 2021-04-14T00:00:00
db: NVD, id: CVE-2021-0255, date: 2021-04-22T20:15:09.493