ID

VAR-202104-0582


CVE

CVE-2021-0256


TITLE

Juniper Networks Junos OS Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202104-1020

DESCRIPTION

A sensitive information disclosure vulnerability in the mosquitto message broker of Juniper Networks Junos OS may allow a locally authenticated user with shell access to read portions of sensitive files, such as the master.passwd file. Because mosquitto is shipped with setuid permissions enabled and is owned by the root user, this vulnerability may allow a local privileged user to run mosquitto with root privileges and access sensitive information stored on the local filesystem. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S12, 17.4 versions prior to 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.3 versions prior to 18.3R3-S4; 19.1 versions prior to 19.1R3-S4; 19.3 versions prior to 19.3R3-S1, 19.3R3-S2; 19.4 versions prior to 19.4R2-S3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S3, 20.2R2, 20.2R3. Juniper Networks Junos OS is the network operating system that Juniper Networks develops for its own hardware equipment. The operating system provides a secure programming interface and the Junos SDK. There is a security vulnerability in Junos OS. No further information about this vulnerability is available at present; watch for announcements from CNNVD or the manufacturer.

Trust: 1.08

sources: NVD: CVE-2021-0256 // VULHUB: VHN-372158 // VULMON: CVE-2021-0256

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 17.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.3

Trust: 1.0

sources: NVD: CVE-2021-0256

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-0256
value: LOW

Trust: 1.0

sirt@juniper.net: CVE-2021-0256
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202104-1020
value: MEDIUM

Trust: 0.6

VULHUB: VHN-372158
value: LOW

Trust: 0.1

VULMON: CVE-2021-0256
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-0256
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-372158
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sirt@juniper.net: CVE-2021-0256
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-372158 // VULMON: CVE-2021-0256 // CNNVD: CNNVD-202104-1020 // NVD: CVE-2021-0256 // NVD: CVE-2021-0256

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.1

problemtype:CWE-250

Trust: 1.0

sources: VULHUB: VHN-372158 // NVD: CVE-2021-0256

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202104-1020

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-1020

PATCH

title: Juniper Networks Junos OS Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=150738

Trust: 0.6

sources: CNNVD: CNNVD-202104-1020

EXTERNAL IDS

db: NVD, id: CVE-2021-0256

Trust: 1.8

db: JUNIPER, id: JSA11175

Trust: 1.8

db: CNNVD, id: CNNVD-202104-1020

Trust: 0.6

db: VULHUB, id: VHN-372158

Trust: 0.1

db: VULMON, id: CVE-2021-0256

Trust: 0.1

sources: VULHUB: VHN-372158 // VULMON: CVE-2021-0256 // CNNVD: CNNVD-202104-1020 // NVD: CVE-2021-0256

REFERENCES

url:https://kb.juniper.net/jsa11175

Trust: 1.8

url:https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-35081

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-0256

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/269.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-372158 // VULMON: CVE-2021-0256 // CNNVD: CNNVD-202104-1020 // NVD: CVE-2021-0256

SOURCES

db: VULHUB, id: VHN-372158
db: VULMON, id: CVE-2021-0256
db: CNNVD, id: CNNVD-202104-1020
db: NVD, id: CVE-2021-0256

LAST UPDATE DATE

2024-08-14T13:23:39.542000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-372158, date: 2021-04-28T00:00:00
db: VULMON, id: CVE-2021-0256, date: 2021-04-28T00:00:00
db: CNNVD, id: CNNVD-202104-1020, date: 2021-05-17T00:00:00
db: NVD, id: CVE-2021-0256, date: 2021-04-28T22:37:14.567

SOURCES RELEASE DATE

db: VULHUB, id: VHN-372158, date: 2021-04-22T00:00:00
db: VULMON, id: CVE-2021-0256, date: 2021-04-22T00:00:00
db: CNNVD, id: CNNVD-202104-1020, date: 2021-04-14T00:00:00
db: NVD, id: CVE-2021-0256, date: 2021-04-22T20:15:09.527