ID

VAR-202110-0614


CVE

CVE-2021-31357


TITLE

Juniper Networks Junos OS Evolved Command injection vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-013968

DESCRIPTION

A command injection vulnerability in tcpdump command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to bypass configured access protections and execute arbitrary shell commands within the context of the current user. The vulnerability allows an attacker to bypass command authorization restrictions assigned to their specific user account and execute commands that are available to the privilege level to which the user is assigned. For example, a user who is in the super-user login class but restricted to executing specific CLI commands could exploit the vulnerability to execute any other command available to an unrestricted admin user. This vulnerability does not increase the privilege level of the user, but rather bypasses any CLI command restrictions by allowing full access to the shell. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-S2-EVO; 21.1 versions prior to 21.1R2-EVO; 21.2 versions prior to 21.2R1-S1-EVO, 21.2R2-EVO. Juniper Networks Junos OS Evolved contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Juniper Networks Junos OS is a network operating system from Juniper Networks dedicated to the company's hardware equipment. The operating system provides a secure programming interface and the Junos SDK. There is a security vulnerability in Juniper Networks Junos OS. There is no relevant information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time.

Trust: 1.8

sources: NVD: CVE-2021-31357 // JVNDB: JVNDB-2021-013968 // VULHUB: VHN-391105 // VULMON: CVE-2021-31357

AFFECTED PRODUCTS

vendor: juniper, model: junos os evolved, scope: lte, version: 20.3

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 20.4

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 21.2

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 21.1

Trust: 1.0

vendor: ジュニパーネットワークス, model: junos os evolved, scope: -, version: -

Trust: 0.8

vendor: ジュニパーネットワークス, model: junos os evolved, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-013968 // NVD: CVE-2021-31357

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-31357
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2021-31357
value: HIGH

Trust: 1.0

NVD: CVE-2021-31357
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202110-963
value: HIGH

Trust: 0.6

VULHUB: VHN-391105
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-31357
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-391105
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-31357
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-013968
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-391105 // JVNDB: JVNDB-2021-013968 // CNNVD: CNNVD-202110-963 // NVD: CVE-2021-31357 // NVD: CVE-2021-31357

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.1

problemtype: CWE-77

Trust: 1.0

problemtype: Command injection (CWE-77) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-391105 // JVNDB: JVNDB-2021-013968 // NVD: CVE-2021-31357

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202110-963

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202110-963

PATCH

title: JSA11221, url: https://supportportal.juniper.net/s/article/2021-10-Security-Bulletin-Junos-OS-Evolved-Multiple-shell-injection-vulnerabilities-in-EVO-UI-wrapper-scripts?language=en_US

Trust: 0.8

title: Juniper Networks Junos OS Fixes for command injection vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=167327

Trust: 0.6

sources: JVNDB: JVNDB-2021-013968 // CNNVD: CNNVD-202110-963

EXTERNAL IDS

db: NVD, id: CVE-2021-31357

Trust: 3.4

db: JUNIPER, id: JSA11221

Trust: 1.8

db: JVNDB, id: JVNDB-2021-013968

Trust: 0.8

db: CNNVD, id: CNNVD-202110-963

Trust: 0.7

db: CS-HELP, id: SB2021101807

Trust: 0.6

db: VULHUB, id: VHN-391105

Trust: 0.1

db: VULMON, id: CVE-2021-31357

Trust: 0.1

sources: VULHUB: VHN-391105 // VULMON: CVE-2021-31357 // JVNDB: JVNDB-2021-013968 // CNNVD: CNNVD-202110-963 // NVD: CVE-2021-31357

REFERENCES

url:https://kb.juniper.net/jsa11221

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-31357

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2021101807

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-36656

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-391105 // VULMON: CVE-2021-31357 // JVNDB: JVNDB-2021-013968 // CNNVD: CNNVD-202110-963 // NVD: CVE-2021-31357

SOURCES

db: VULHUB, id: VHN-391105
db: VULMON, id: CVE-2021-31357
db: JVNDB, id: JVNDB-2021-013968
db: CNNVD, id: CNNVD-202110-963
db: NVD, id: CVE-2021-31357

LAST UPDATE DATE

2024-08-14T13:53:53.459000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-391105, date: 2022-10-24T00:00:00
db: VULMON, id: CVE-2021-31357, date: 2021-10-19T00:00:00
db: JVNDB, id: JVNDB-2021-013968, date: 2022-09-30T05:17:00
db: CNNVD, id: CNNVD-202110-963, date: 2022-10-25T00:00:00
db: NVD, id: CVE-2021-31357, date: 2022-10-24T18:45:39.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-391105, date: 2021-10-19T00:00:00
db: VULMON, id: CVE-2021-31357, date: 2021-10-19T00:00:00
db: JVNDB, id: JVNDB-2021-013968, date: 2022-09-30T00:00:00
db: CNNVD, id: CNNVD-202110-963, date: 2021-10-13T00:00:00
db: NVD, id: CVE-2021-31357, date: 2021-10-19T19:15:08.953