ID

VAR-202110-0613


CVE

CVE-2021-31358


TITLE

Juniper Networks Junos OS operating system command injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202110-962

DESCRIPTION

A command injection vulnerability in sftp command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to bypass configured access protections and execute arbitrary shell commands within the context of the current user. The vulnerability allows an attacker to bypass the command authorization restrictions assigned to their specific user account and execute commands that are available to the privilege level to which the user is assigned. For example, a user who is in the super-user login class but restricted to executing specific CLI commands could exploit the vulnerability to execute any other command available to an unrestricted admin user. This vulnerability does not increase the privilege level of the user, but rather bypasses any CLI command restrictions by allowing full access to the shell. This issue affects Juniper Networks Junos OS Evolved: all versions prior to 20.4R2-S2-EVO; 21.1 versions prior to 21.1R2-EVO; 21.2 versions prior to 21.2R1-S1-EVO, 21.2R2-EVO.

Juniper Networks Junos OS is a network operating system from Juniper Networks dedicated to the company's hardware equipment. The operating system provides a secure programming interface and the Junos SDK. There is a security vulnerability in Juniper Networks Junos OS. There is no relevant information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time.

Trust: 1.08

sources: NVD: CVE-2021-31358 // VULHUB: VHN-391106 // VULMON: CVE-2021-31358

AFFECTED PRODUCTS

vendor: juniper | model: junos os evolved | scope: lte | version: 20.3

Trust: 1.0

vendor: juniper | model: junos os evolved | scope: eq | version: 20.4

Trust: 1.0

vendor: juniper | model: junos os evolved | scope: eq | version: 21.2

Trust: 1.0

vendor: juniper | model: junos os evolved | scope: eq | version: 21.1

Trust: 1.0

sources: NVD: CVE-2021-31358

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-31358
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2021-31358
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202110-962
value: HIGH

Trust: 0.6

VULHUB: VHN-391106
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-31358
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-391106
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sirt@juniper.net: CVE-2021-31358
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-391106 // CNNVD: CNNVD-202110-962 // NVD: CVE-2021-31358 // NVD: CVE-2021-31358

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.1

problemtype: CWE-77

Trust: 1.0

sources: VULHUB: VHN-391106 // NVD: CVE-2021-31358

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202110-962

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202110-962

PATCH

title: Juniper Networks Junos OS Fixes for command injection vulnerabilities | url: http://123.124.177.30/web/xxk/bdxqById.tag?id=167326

Trust: 0.6

sources: CNNVD: CNNVD-202110-962

EXTERNAL IDS

db: JUNIPER | id: JSA11221

Trust: 1.8

db: NVD | id: CVE-2021-31358

Trust: 1.8

db: CNNVD | id: CNNVD-202110-962

Trust: 0.7

db: CS-HELP | id: SB2021101807

Trust: 0.6

db: VULHUB | id: VHN-391106

Trust: 0.1

db: VULMON | id: CVE-2021-31358

Trust: 0.1

sources: VULHUB: VHN-391106 // VULMON: CVE-2021-31358 // CNNVD: CNNVD-202110-962 // NVD: CVE-2021-31358

REFERENCES

url: https://kb.juniper.net/jsa11221

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2021-31358

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021101807

Trust: 0.6

url: https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-36656

Trust: 0.6

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-391106 // VULMON: CVE-2021-31358 // CNNVD: CNNVD-202110-962 // NVD: CVE-2021-31358

SOURCES

db: VULHUB | id: VHN-391106
db: VULMON | id: CVE-2021-31358
db: CNNVD | id: CNNVD-202110-962
db: NVD | id: CVE-2021-31358

LAST UPDATE DATE

2024-08-14T13:53:53.488000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-391106 | date: 2022-10-24T00:00:00
db: VULMON | id: CVE-2021-31358 | date: 2021-10-19T00:00:00
db: CNNVD | id: CNNVD-202110-962 | date: 2022-10-25T00:00:00
db: NVD | id: CVE-2021-31358 | date: 2022-10-24T18:44:06.173

SOURCES RELEASE DATE

db: VULHUB | id: VHN-391106 | date: 2021-10-19T00:00:00
db: VULMON | id: CVE-2021-31358 | date: 2021-10-19T00:00:00
db: CNNVD | id: CNNVD-202110-962 | date: 2021-10-13T00:00:00
db: NVD | id: CVE-2021-31358 | date: 2021-10-19T19:15:09.013