ID

VAR-202110-0386


CVE

CVE-2021-31350


TITLE

Juniper Networks Junos OS Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202110-971

DESCRIPTION

An Improper Privilege Management vulnerability in the gRPC framework, used by the Juniper Extension Toolkit (JET) API on Juniper Networks Junos OS and Junos OS Evolved, allows a network-based, low-privileged authenticated attacker to perform operations as root, leading to complete compromise of the targeted system. The issue is caused by the JET service daemon (jsd) process authenticating the user, then passing configuration operations directly to the management daemon (mgd) process, which runs as root.

This issue affects Juniper Networks Junos OS: 18.4 versions prior to 18.4R1-S8, 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R2-S3, 19.1R3-S5; 19.2 versions prior to 19.2R1-S7, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.4R1.

Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-EVO; 21.1-EVO versions prior to 21.1R2-EVO.

The operating system provides a secure programming interface and Junos SDK. There is no relevant information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time.

Trust: 1.08

sources: NVD: CVE-2021-31350 // VULHUB: VHN-391098 // VULMON: CVE-2021-31350

AFFECTED PRODUCTS

vendor: juniper // model: junos os evolved // scope: eq // version: 19.2

Trust: 1.0

vendor: juniper // model: junos os evolved // scope: eq // version: 21.1

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 20.1

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 19.4

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 20.4

Trust: 1.0

vendor: juniper // model: junos os evolved // scope: eq // version: 19.4

Trust: 1.0

vendor: juniper // model: junos os evolved // scope: eq // version: 20.1

Trust: 1.0

vendor: juniper // model: junos os evolved // scope: eq // version: 20.4

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 18.4

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 19.3

Trust: 1.0

vendor: juniper // model: junos os evolved // scope: eq // version: 19.3

Trust: 1.0

vendor: juniper // model: junos os evolved // scope: eq // version: 18.3

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 19.1

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 20.3

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 20.2

Trust: 1.0

vendor: juniper // model: junos os evolved // scope: eq // version: 20.3

Trust: 1.0

vendor: juniper // model: junos os evolved // scope: eq // version: 20.2

Trust: 1.0

vendor: juniper // model: junos os evolved // scope: eq // version: 19.1

Trust: 1.0

vendor: juniper // model: junos // scope: eq // version: 19.2

Trust: 1.0

sources: NVD: CVE-2021-31350

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-31350
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2021-31350
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202110-971
value: HIGH

Trust: 0.6

VULHUB: VHN-391098
value: HIGH

Trust: 0.1

VULMON: CVE-2021-31350
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-31350
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-391098
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2021-31350
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sirt@juniper.net: CVE-2021-31350
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-391098 // VULMON: CVE-2021-31350 // CNNVD: CNNVD-202110-971 // NVD: CVE-2021-31350 // NVD: CVE-2021-31350

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.1

sources: VULHUB: VHN-391098 // NVD: CVE-2021-31350

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-971

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-971

PATCH

title: Juniper Networks Junos OS Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=166586

Trust: 0.6

sources: CNNVD: CNNVD-202110-971

EXTERNAL IDS

db: NVD // id: CVE-2021-31350

Trust: 1.8

db: JUNIPER // id: JSA11215

Trust: 1.8

db: CNNVD // id: CNNVD-202110-971

Trust: 0.7

db: CS-HELP // id: SB2021101913

Trust: 0.6

db: AUSCERT // id: ESB-2021.3434

Trust: 0.6

db: VULHUB // id: VHN-391098

Trust: 0.1

db: VULMON // id: CVE-2021-31350

Trust: 0.1

sources: VULHUB: VHN-391098 // VULMON: CVE-2021-31350 // CNNVD: CNNVD-202110-971 // NVD: CVE-2021-31350

REFERENCES

url:https://kb.juniper.net/jsa11215

Trust: 1.8

url:https://www.cybersecurity-help.cz/vdb/sb2021101913

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3434

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-31350

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-36656

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/269.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-391098 // VULMON: CVE-2021-31350 // CNNVD: CNNVD-202110-971 // NVD: CVE-2021-31350

SOURCES

db: VULHUB // id: VHN-391098
db: VULMON // id: CVE-2021-31350
db: CNNVD // id: CNNVD-202110-971
db: NVD // id: CVE-2021-31350

LAST UPDATE DATE

2024-08-14T15:27:36.376000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-391098 // date: 2021-10-25T00:00:00
db: VULMON // id: CVE-2021-31350 // date: 2021-10-25T00:00:00
db: CNNVD // id: CNNVD-202110-971 // date: 2021-10-26T00:00:00
db: NVD // id: CVE-2021-31350 // date: 2021-10-25T12:58:38.770

SOURCES RELEASE DATE

db: VULHUB // id: VHN-391098 // date: 2021-10-19T00:00:00
db: VULMON // id: CVE-2021-31350 // date: 2021-10-19T00:00:00
db: CNNVD // id: CNNVD-202110-971 // date: 2021-10-13T00:00:00
db: NVD // id: CVE-2021-31350 // date: 2021-10-19T19:15:08.537