ID

VAR-202110-1550


CVE

CVE-2021-31360


TITLE

Juniper Networks Junos OS Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202110-960

DESCRIPTION

An improper privilege management vulnerability in the Juniper Networks Junos OS and Junos OS Evolved command-line interpreter (CLI) allows a low-privileged user to overwrite local files as root, possibly leading to a system integrity issue or Denial of Service (DoS). Depending on the files overwritten, exploitation of this vulnerability could lead to a sustained Denial of Service (DoS) condition, requiring manual user intervention to recover.

Systems are only vulnerable if jdhcpd is running, which can be confirmed via the 'show system processes' command. For example:

    root@host# run show system processes extensive | match dhcp
    26537 root -16 0 97568K 13692K RUN 0 0:01 3.71% jdhcpd

This issue affects:

Juniper Networks Junos OS: All versions, including the following supported releases:
15.1 versions prior to 15.1R7-S10;
17.4 versions prior to 17.4R3-S5;
18.3 versions prior to 18.3R3-S5;
18.4 versions prior to 18.4R3-S9;
19.1 versions prior to 19.1R3-S6;
19.2 versions prior to 19.2R1-S7, 19.2R3-S3;
19.3 versions prior to 19.3R2-S6, 19.3R3-S3;
19.4 versions prior to 19.4R3-S6;
20.1 versions prior to 20.1R2-S2, 20.1R3-S1;
20.2 versions prior to 20.2R3-S2;
20.3 versions prior to 20.3R3;
20.4 versions prior to 20.4R2-S1, 20.4R3;
21.1 versions prior to 21.1R1-S1, 21.1R2.

Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO; All versions of 21.1-EVO.

The operating system provides a secure programming interface and Junos SDK. There is no relevant information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time.

Trust: 1.08

sources: NVD: CVE-2021-31360 // VULHUB: VHN-391108 // VULMON: CVE-2021-31360

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 21.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 21.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.2

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: lte, version: 20.3

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 20.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.3

Trust: 1.0

sources: NVD: CVE-2021-31360

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-31360
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2021-31360
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202110-960
value: HIGH

Trust: 0.6

VULHUB: VHN-391108
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-31360
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-31360
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:L/AU:N/C:N/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-391108
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:L/AU:N/C:N/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sirt@juniper.net: CVE-2021-31360
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-391108 // VULMON: CVE-2021-31360 // CNNVD: CNNVD-202110-960 // NVD: CVE-2021-31360 // NVD: CVE-2021-31360

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:CWE-269

Trust: 1.1

sources: VULHUB: VHN-391108 // NVD: CVE-2021-31360

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202110-960

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-960

PATCH

title: Juniper Networks Junos OS Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168318

Trust: 0.6

title: -, url: https://github.com/Live-Hack-CVE/CVE-2021-31360

Trust: 0.1

sources: VULMON: CVE-2021-31360 // CNNVD: CNNVD-202110-960

EXTERNAL IDS

db: NVD, id: CVE-2021-31360

Trust: 1.8

db: JUNIPER, id: JSA11222

Trust: 1.8

db: CNNVD, id: CNNVD-202110-960

Trust: 0.7

db: CS-HELP, id: SB2021101808

Trust: 0.6

db: AUSCERT, id: ESB-2021.3602

Trust: 0.6

db: VULHUB, id: VHN-391108

Trust: 0.1

db: VULMON, id: CVE-2021-31360

Trust: 0.1

sources: VULHUB: VHN-391108 // VULMON: CVE-2021-31360 // CNNVD: CNNVD-202110-960 // NVD: CVE-2021-31360

REFERENCES

url:https://kb.juniper.net/jsa11222

Trust: 1.8

url:https://www.cybersecurity-help.cz/vdb/sb2021101808

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-31360

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3602

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-36656

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/269.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2021-31360

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-391108 // VULMON: CVE-2021-31360 // CNNVD: CNNVD-202110-960 // NVD: CVE-2021-31360

SOURCES

db: VULHUB, id: VHN-391108
db: VULMON, id: CVE-2021-31360
db: CNNVD, id: CNNVD-202110-960
db: NVD, id: CVE-2021-31360

LAST UPDATE DATE

2024-08-14T14:18:19.508000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-391108, date: 2022-10-27T00:00:00
db: VULMON, id: CVE-2021-31360, date: 2022-10-27T00:00:00
db: CNNVD, id: CNNVD-202110-960, date: 2021-11-18T00:00:00
db: NVD, id: CVE-2021-31360, date: 2022-10-27T16:34:48.550

SOURCES RELEASE DATE

db: VULHUB, id: VHN-391108, date: 2021-10-19T00:00:00
db: VULMON, id: CVE-2021-31360, date: 2021-10-19T00:00:00
db: CNNVD, id: CNNVD-202110-960, date: 2021-10-13T00:00:00
db: NVD, id: CVE-2021-31360, date: 2021-10-19T19:15:09.137