ID

VAR-202110-1551


CVE

CVE-2021-31359


TITLE

Juniper Networks Junos OS Permission Licensing and Access Control Issue Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202110-961

DESCRIPTION

A local privilege escalation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to cause the Juniper DHCP daemon (jdhcpd) process to crash, resulting in a Denial of Service (DoS), or execute arbitrary commands as root. Continued processing of malicious input will repeatedly crash the system and sustain the Denial of Service (DoS) condition.

Systems are only vulnerable if jdhcpd is running, which can be confirmed via the 'show system processes' command. For example:

    root@host# run show system processes extensive | match dhcp
    26537 root -16 0 97568K 13692K RUN 0 0:01 3.71% jdhcpd

This issue affects:

Juniper Networks Junos OS: All versions, including the following supported releases:
    15.1 versions prior to 15.1R7-S10;
    17.4 versions prior to 17.4R3-S5;
    18.3 versions prior to 18.3R3-S5;
    18.4 versions prior to 18.4R3-S9;
    19.1 versions prior to 19.1R3-S6;
    19.2 versions prior to 19.2R1-S7, 19.2R3-S3;
    19.3 versions prior to 19.3R2-S6, 19.3R3-S3;
    19.4 versions prior to 19.4R3-S6;
    20.1 versions prior to 20.1R2-S2, 20.1R3-S1;
    20.2 versions prior to 20.2R3-S2;
    20.3 versions prior to 20.3R3;
    20.4 versions prior to 20.4R2-S1, 20.4R3;
    21.1 versions prior to 21.1R1-S1, 21.1R2.

Juniper Networks Junos OS Evolved:
    All versions prior to 20.4R2-S3-EVO;
    All versions of 21.1-EVO.

The operating system provides a secure programming interface and Junos SDK. There is no relevant information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time.

Trust: 1.08

sources: NVD: CVE-2021-31359 // VULHUB: VHN-391107 // VULMON: CVE-2021-31359

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 21.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 21.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.2

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: lte, version: 20.3

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 20.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.3

Trust: 1.0

sources: NVD: CVE-2021-31359

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-31359
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2021-31359
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202110-961
value: HIGH

Trust: 0.6

VULHUB: VHN-391107
value: HIGH

Trust: 0.1

VULMON: CVE-2021-31359
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-31359
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-391107
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sirt@juniper.net: CVE-2021-31359
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-391107 // VULMON: CVE-2021-31359 // CNNVD: CNNVD-202110-961 // NVD: CVE-2021-31359 // NVD: CVE-2021-31359

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.1

problemtype:CWE-121

Trust: 1.0

sources: VULHUB: VHN-391107 // NVD: CVE-2021-31359

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202110-961

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-202110-961

PATCH

title: Juniper Networks Junos OS Fixes for permissions and access control issues vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=166578

Trust: 0.6

sources: CNNVD: CNNVD-202110-961

EXTERNAL IDS

db: JUNIPER, id: JSA11222

Trust: 1.8

db: NVD, id: CVE-2021-31359

Trust: 1.8

db: CNNVD, id: CNNVD-202110-961

Trust: 0.7

db: CS-HELP, id: SB2021101808

Trust: 0.6

db: AUSCERT, id: ESB-2021.3602

Trust: 0.6

db: VULHUB, id: VHN-391107

Trust: 0.1

db: VULMON, id: CVE-2021-31359

Trust: 0.1

sources: VULHUB: VHN-391107 // VULMON: CVE-2021-31359 // CNNVD: CNNVD-202110-961 // NVD: CVE-2021-31359

REFERENCES

url:https://kb.juniper.net/jsa11222

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-31359

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021101808

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3602

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-36656

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/269.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-391107 // VULMON: CVE-2021-31359 // CNNVD: CNNVD-202110-961 // NVD: CVE-2021-31359

SOURCES

db: VULHUB, id: VHN-391107
db: VULMON, id: CVE-2021-31359
db: CNNVD, id: CNNVD-202110-961
db: NVD, id: CVE-2021-31359

LAST UPDATE DATE

2024-08-14T14:18:19.535000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-391107, date: 2022-10-27T00:00:00
db: VULMON, id: CVE-2021-31359, date: 2021-10-25T00:00:00
db: CNNVD, id: CNNVD-202110-961, date: 2021-11-18T00:00:00
db: NVD, id: CVE-2021-31359, date: 2022-10-27T13:05:24.877

SOURCES RELEASE DATE

db: VULHUB, id: VHN-391107, date: 2021-10-19T00:00:00
db: VULMON, id: CVE-2021-31359, date: 2021-10-19T00:00:00
db: CNNVD, id: CNNVD-202110-961, date: 2021-10-13T00:00:00
db: NVD, id: CVE-2021-31359, date: 2021-10-19T19:15:09.070