ID

VAR-202110-0615


CVE

CVE-2021-31356


TITLE

Juniper Networks Junos OS operating system command injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202110-966

DESCRIPTION

A command injection vulnerability in command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to bypass configured access protections and execute arbitrary shell commands within the context of the current user. The vulnerability allows an attacker to bypass command authorization restrictions assigned to their specific user account and execute commands that are available to the privilege level to which the user is assigned. For example, a user who is in the super-user login class but restricted to executing specific CLI commands could exploit the vulnerability to execute any other command available to an unrestricted admin user. This vulnerability does not increase the privilege level of the user, but rather bypasses any CLI command restrictions by allowing full access to the shell. This issue affects Juniper Networks Junos OS Evolved: all versions prior to 20.4R3-S1-EVO; all versions of 21.1-EVO and 21.2-EVO.

Juniper Networks Junos OS is a network operating system from Juniper Networks dedicated to the company's hardware equipment. The operating system provides a secure programming interface and the Junos SDK. There is a security vulnerability in Juniper Networks Junos OS. There is no relevant information about this vulnerability at present. Please watch CNNVD or manufacturer announcements for updates.

Trust: 1.08

sources: NVD: CVE-2021-31356 // VULHUB: VHN-391104 // VULMON: CVE-2021-31356

AFFECTED PRODUCTS

vendor: juniper, model: junos os evolved, scope: lte, version: 20.3

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 20.4

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 21.2

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 21.1

Trust: 1.0

sources: NVD: CVE-2021-31356

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-31356
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2021-31356
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202110-966
value: HIGH

Trust: 0.6

VULHUB: VHN-391104
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-31356
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-391104
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

sirt@juniper.net: CVE-2021-31356
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-391104 // CNNVD: CNNVD-202110-966 // NVD: CVE-2021-31356 // NVD: CVE-2021-31356

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-77

Trust: 1.0

sources: VULHUB: VHN-391104 // NVD: CVE-2021-31356

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202110-966

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202110-966

PATCH

title: Juniper Networks Junos OS Fixes for command injection vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=167328

Trust: 0.6

sources: CNNVD: CNNVD-202110-966

EXTERNAL IDS

db: JUNIPER, id: JSA11221

Trust: 1.8

db: NVD, id: CVE-2021-31356

Trust: 1.8

db: CNNVD, id: CNNVD-202110-966

Trust: 0.7

db: CS-HELP, id: SB2021101807

Trust: 0.6

db: VULHUB, id: VHN-391104

Trust: 0.1

db: VULMON, id: CVE-2021-31356

Trust: 0.1

sources: VULHUB: VHN-391104 // VULMON: CVE-2021-31356 // CNNVD: CNNVD-202110-966 // NVD: CVE-2021-31356

REFERENCES

url:https://kb.juniper.net/jsa11221

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-31356

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021101807

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-36656

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-391104 // VULMON: CVE-2021-31356 // CNNVD: CNNVD-202110-966 // NVD: CVE-2021-31356

SOURCES

db: VULHUB, id: VHN-391104
db: VULMON, id: CVE-2021-31356
db: CNNVD, id: CNNVD-202110-966
db: NVD, id: CVE-2021-31356

LAST UPDATE DATE

2024-08-14T13:53:53.434000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-391104, date: 2022-10-25T00:00:00
db: VULMON, id: CVE-2021-31356, date: 2021-10-19T00:00:00
db: CNNVD, id: CNNVD-202110-966, date: 2022-10-26T00:00:00
db: NVD, id: CVE-2021-31356, date: 2022-10-25T15:33:05.780

SOURCES RELEASE DATE

db: VULHUB, id: VHN-391104, date: 2021-10-19T00:00:00
db: VULMON, id: CVE-2021-31356, date: 2021-10-19T00:00:00
db: CNNVD, id: CNNVD-202110-966, date: 2021-10-13T00:00:00
db: NVD, id: CVE-2021-31356, date: 2021-10-19T19:15:08.897