Vulnerability-Lookup

BDU:2021-02363

Vulnerability from fstec - Published: 16.04.2021

Title

Уязвимость операционной системы JunOS маршрутизаторов SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 with SPC2, SRX5000 with SPC2/SPC3, vSRX, связанная с ошибками управления привилегиями, позволяющая нарушителю повысить свои привилегии

Description

Уязвимость операционной системы JunOS маршрутизаторов SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 with SPC2, SRX5000 with SPC2/SPC3, vSRX связана с ошибками управления привилегиями. Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L

Vendor

Juniper Networks Inc.

Software Name

JunOS

Software Version

до 19.2R1-S6 (JunOS), до 19.2R3-S2 (JunOS), до 19.3R3-S2 (JunOS), до 19.4R2-S4 (JunOS), до 19.4R3-S2 (JunOS), до 20.1R2 (JunOS), до 20.1R3 (JunOS), до 20.2R2-S1 (JunOS), до 20.2R3 (JunOS), до 20.3R1-S2 (JunOS), до 20.3R2 (JunOS), до 20.4R1 (JunOS)

Possible Mitigations

Использование рекомендаций: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11130

Reference

https://www.cybersecurity-help.cz/vdb/SB2021041604 https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11130

CWE

CWE-264

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:P/I:C/A:P",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Juniper Networks Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 19.2R1-S6 (JunOS), \u0434\u043e 19.2R3-S2 (JunOS), \u0434\u043e 19.3R3-S2 (JunOS), \u0434\u043e 19.4R2-S4 (JunOS), \u0434\u043e 19.4R3-S2 (JunOS), \u0434\u043e 20.1R2 (JunOS), \u0434\u043e 20.1R3 (JunOS), \u0434\u043e 20.2R2-S1 (JunOS), \u0434\u043e 20.2R3 (JunOS), \u0434\u043e 20.3R1-S2 (JunOS), \u0434\u043e 20.3R2 (JunOS), \u0434\u043e 20.4R1 (JunOS)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11130",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "16.04.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "12.05.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "12.05.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-02363",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-0235",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "JunOS",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Juniper Networks Inc. JunOS \u0434\u043e 19.2R1-S6 SRX1500, Juniper Networks Inc. JunOS \u0434\u043e 19.2R1-S6 SRX4100, Juniper Networks Inc. JunOS \u0434\u043e 19.2R1-S6 SRX4200, Juniper Networks Inc. JunOS \u0434\u043e 19.2R1-S6 SRX4600, Juniper Networks Inc. JunOS \u0434\u043e 19.2R1-S6 SRX5000, Juniper Networks Inc. JunOS \u0434\u043e 19.2R3-S2 SRX1500, Juniper Networks Inc. JunOS \u0434\u043e 19.2R3-S2 SRX4100, Juniper Networks Inc. JunOS \u0434\u043e 19.2R3-S2 SRX4200, Juniper Networks Inc. JunOS \u0434\u043e 19.2R3-S2 SRX4600, Juniper Networks Inc. JunOS \u0434\u043e 19.2R3-S2 SRX5000, Juniper Networks Inc. JunOS \u0434\u043e 19.3R3-S2 SRX1500, Juniper Networks Inc. JunOS \u0434\u043e 19.3R3-S2 SRX4100, Juniper Networks Inc. JunOS \u0434\u043e 19.3R3-S2 SRX4200, Juniper Networks Inc. JunOS \u0434\u043e 19.3R3-S2 SRX4600, Juniper Networks Inc. JunOS \u0434\u043e 19.3R3-S2 SRX5000, Juniper Networks Inc. JunOS \u0434\u043e 19.4R2-S4 SRX1500, Juniper Networks Inc. JunOS \u0434\u043e 19.4R2-S4 SRX4100, Juniper Networks Inc. JunOS \u0434\u043e 19.4R2-S4 SRX4200, Juniper Networks Inc. JunOS \u0434\u043e 19.4R2-S4 SRX4600, Juniper Networks Inc. JunOS \u0434\u043e 19.4R2-S4 SRX5000, Juniper Networks Inc. JunOS \u0434\u043e 19.4R3-S2 SRX1500, Juniper Networks Inc. JunOS \u0434\u043e 19.4R3-S2 SRX4100, Juniper Networks Inc. JunOS \u0434\u043e 19.4R3-S2 SRX4200, Juniper Networks Inc. JunOS \u0434\u043e 19.4R3-S2 SRX4600, Juniper Networks Inc. JunOS \u0434\u043e 19.4R3-S2 SRX5000, Juniper Networks Inc. JunOS \u0434\u043e 20.1R2 SRX1500, Juniper Networks Inc. JunOS \u0434\u043e 20.1R2 SRX4100, Juniper Networks Inc. JunOS \u0434\u043e 20.1R2 SRX4200, Juniper Networks Inc. JunOS \u0434\u043e 20.1R2 SRX4600, Juniper Networks Inc. JunOS \u0434\u043e 20.1R2 SRX5000, Juniper Networks Inc. JunOS \u0434\u043e 20.1R3 SRX1500, Juniper Networks Inc. JunOS \u0434\u043e 20.1R3 SRX4100, Juniper Networks Inc. JunOS \u0434\u043e 20.1R3 SRX4200, Juniper Networks Inc. JunOS \u0434\u043e 20.1R3 SRX4600, Juniper Networks Inc. JunOS \u0434\u043e 20.1R3 SRX5000, Juniper Networks Inc. JunOS \u0434\u043e 20.2R2-S1 SRX1500, Juniper Networks Inc. JunOS \u0434\u043e 20.2R2-S1 SRX4100, Juniper Networks Inc. JunOS \u0434\u043e 20.2R2-S1 SRX4200, Juniper Networks Inc. JunOS \u0434\u043e 20.2R2-S1 SRX4600, Juniper Networks Inc. JunOS \u0434\u043e 20.2R2-S1 SRX5000, Juniper Networks Inc. JunOS \u0434\u043e 20.2R3 SRX1500, Juniper Networks Inc. JunOS \u0434\u043e 20.2R3 SRX4100, Juniper Networks Inc. JunOS \u0434\u043e 20.2R3 SRX4200, Juniper Networks Inc. JunOS \u0434\u043e 20.2R3 SRX4600, Juniper Networks Inc. JunOS \u0434\u043e 20.2R3 SRX5000, Juniper Networks Inc. JunOS \u0434\u043e 20.3R1-S2 SRX1500, Juniper Networks Inc. JunOS \u0434\u043e 20.3R1-S2 SRX4100, Juniper Networks Inc. JunOS \u0434\u043e 20.3R1-S2 SRX4200, Juniper Networks Inc. JunOS \u0434\u043e 20.3R1-S2 SRX4600, Juniper Networks Inc. JunOS \u0434\u043e 20.3R1-S2 SRX5000, Juniper Networks Inc. JunOS \u0434\u043e 20.3R2 SRX1500, Juniper Networks Inc. JunOS \u0434\u043e 20.3R2 SRX4100, Juniper Networks Inc. JunOS \u0434\u043e 20.3R2 SRX4200, Juniper Networks Inc. JunOS \u0434\u043e 20.3R2 SRX4600, Juniper Networks Inc. JunOS \u0434\u043e 20.3R2 SRX5000, Juniper Networks Inc. JunOS \u0434\u043e 20.4R1 SRX1500, Juniper Networks Inc. JunOS \u0434\u043e 20.4R1 SRX4100, Juniper Networks Inc. JunOS \u0434\u043e 20.4R1 SRX4200, Juniper Networks Inc. JunOS \u0434\u043e 20.4R1 SRX4600, Juniper Networks Inc. JunOS \u0434\u043e 20.4R1 SRX5000",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b JunOS \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u043e\u0432 SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 with SPC2, SRX5000 with SPC2/SPC3, vSRX, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u044f, \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c (CWE-264)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b JunOS \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u043e\u0432 SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 with SPC2, SRX5000 with SPC2/SPC3, vSRX \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.cybersecurity-help.cz/vdb/SB2021041604 \nhttps://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11130",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-264",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,7)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,7)"
}

CVE-2021-0235 (GCVE-0-2021-0235)

Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-17 02:36

Title

Junos OS: SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series: In a multi-tenant environment, a tenant host administrator may configure logical firewall isolation affecting other tenant networks

Summary

On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series devices using tenant services on Juniper Networks Junos OS, due to incorrect permission scheme assigned to tenant system administrators, a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider. Further, a tenant may inadvertently receive traffic from another tenant. This issue affects: Juniper Networks Junos OS 18.3 version 18.3R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2; 18.4 version 18.4R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.1 versions 19.1R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.3 versions prior to 19.3R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.4 versions prior to 19.4R2-S4, 19.4R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 20.1 versions prior to 20.1R2, 20.1R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.2 versions prior to 20.2R2-S1, 20.2R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.3 versions prior to 20.3R1-S2, 20.3R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.4 versions prior to 20.4R1, 20.4R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 18.3R1.

Severity ?

7.3 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L

CWE

CWE-276 - Incorrect Default Permissions

Assigner

juniper

References

URL

Tags

https://kb.juniper.net/JSA11130

x_refsource_MISC

Impacted products

Vendor

Product

Version

Juniper Networks

Junos OS

Affected: 18.3R1 , < 18.3* (custom)

Juniper Networks	Junos OS	Affected: 18.4R1 , < 18.4* (custom) Affected: 19.1R1 , < 19.1* (custom) Affected: 19.2 , < 19.2R1-S6, 19.2R3-S2 (custom) Affected: 19.3 , < 19.3R3-S2 (custom) Affected: 19.4 , < 19.4R2-S4, 19.4R3-S2 (custom)
Juniper Networks	Junos OS	Affected: 20.1 , < 20.1R2, 20.1R3 (custom) Affected: 20.2 , < 20.2R2-S1, 20.2R3 (custom) Affected: 20.3 , < 20.3R1-S2, 20.3R2 (custom) Affected: 20.4 , < 20.4R1, 20.4R2 (custom)
Juniper Networks	Junos OS	Unaffected: unspecified , < 18.3R1 (custom)

Date Public ?

2021-04-14 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:32:09.966Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA11130"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "18.3*",
              "status": "affected",
              "version": "18.3R1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "18.4*",
              "status": "affected",
              "version": "18.4R1",
              "versionType": "custom"
            },
            {
              "lessThan": "19.1*",
              "status": "affected",
              "version": "19.1R1",
              "versionType": "custom"
            },
            {
              "lessThan": "19.2R1-S6, 19.2R3-S2",
              "status": "affected",
              "version": "19.2",
              "versionType": "custom"
            },
            {
              "lessThan": "19.3R3-S2",
              "status": "affected",
              "version": "19.3",
              "versionType": "custom"
            },
            {
              "lessThan": "19.4R2-S4, 19.4R3-S2",
              "status": "affected",
              "version": "19.4",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "20.1R2, 20.1R3",
              "status": "affected",
              "version": "20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "20.2R2-S1, 20.2R3",
              "status": "affected",
              "version": "20.2",
              "versionType": "custom"
            },
            {
              "lessThan": "20.3R1-S2, 20.3R2",
              "status": "affected",
              "version": "20.3",
              "versionType": "custom"
            },
            {
              "lessThan": "20.4R1, 20.4R2",
              "status": "affected",
              "version": "20.4",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "18.3R1",
              "status": "unaffected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-04-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series devices using tenant services on Juniper Networks Junos OS, due to incorrect permission scheme assigned to tenant system administrators, a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider. Further, a tenant may inadvertently receive traffic from another tenant. This issue affects: Juniper Networks Junos OS 18.3 version 18.3R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2; 18.4 version 18.4R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.1 versions 19.1R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.3 versions prior to 19.3R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.4 versions prior to 19.4R2-S4, 19.4R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 20.1 versions prior to 20.1R2, 20.1R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.2 versions prior to 20.2R2-S1, 20.2R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.3 versions prior to 20.3R1-S2, 20.3R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.4 versions prior to 20.4R1, 20.4R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 18.3R1."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276: Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-22T19:37:02.000Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.juniper.net/JSA11130"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: 19.2R1-S6, 19.2R3-S2, 19.3R3-S2, 19.4R2-S4, 19.4R3-S2, 20.1R2, 20.1R3, 20.2R2-S1, 20.2R3, 20.3R1-S2, 20.3R2, 20.4R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA11130",
        "defect": [
          "1537491"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS: SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series:  In a multi-tenant environment, a tenant host administrator may configure logical firewall isolation affecting other tenant networks",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no viable workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
          "ID": "CVE-2021-0235",
          "STATE": "PUBLIC",
          "TITLE": "Junos OS: SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series:  In a multi-tenant environment, a tenant host administrator may configure logical firewall isolation affecting other tenant networks"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2",
                            "version_affected": "\u003e=",
                            "version_name": "18.3",
                            "version_value": "18.3R1"
                          },
                          {
                            "platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3",
                            "version_affected": "\u003e=",
                            "version_name": "18.4",
                            "version_value": "18.4R1"
                          },
                          {
                            "platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3",
                            "version_affected": "\u003e=",
                            "version_name": "19.1",
                            "version_value": "19.1R1"
                          },
                          {
                            "platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3",
                            "version_affected": "\u003c",
                            "version_name": "19.2",
                            "version_value": "19.2R1-S6, 19.2R3-S2"
                          },
                          {
                            "platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3",
                            "version_affected": "\u003c",
                            "version_name": "19.3",
                            "version_value": "19.3R3-S2"
                          },
                          {
                            "platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3",
                            "version_affected": "\u003c",
                            "version_name": "19.4",
                            "version_value": "19.4R2-S4, 19.4R3-S2"
                          },
                          {
                            "platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series",
                            "version_affected": "\u003c",
                            "version_name": "20.1",
                            "version_value": "20.1R2, 20.1R3"
                          },
                          {
                            "platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series",
                            "version_affected": "\u003c",
                            "version_name": "20.2",
                            "version_value": "20.2R2-S1, 20.2R3"
                          },
                          {
                            "platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series",
                            "version_affected": "\u003c",
                            "version_name": "20.3",
                            "version_value": "20.3R1-S2, 20.3R2"
                          },
                          {
                            "platform": "SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series",
                            "version_affected": "\u003c",
                            "version_name": "20.4",
                            "version_value": "20.4R1, 20.4R2"
                          },
                          {
                            "version_affected": "!\u003c",
                            "version_value": "18.3R1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series devices using tenant services on Juniper Networks Junos OS, due to incorrect permission scheme assigned to tenant system administrators, a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider. Further, a tenant may inadvertently receive traffic from another tenant. This issue affects: Juniper Networks Junos OS 18.3 version 18.3R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2; 18.4 version 18.4R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.1 versions 19.1R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.3 versions prior to 19.3R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.4 versions prior to 19.4R2-S4, 19.4R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 20.1 versions prior to 20.1R2, 20.1R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.2 versions prior to 20.2R2-S1, 20.2R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.3 versions prior to 20.3R1-S2, 20.3R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series; 20.4 versions prior to 20.4R1, 20.4R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 18.3R1."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-276: Incorrect Default Permissions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA11130",
              "refsource": "MISC",
              "url": "https://kb.juniper.net/JSA11130"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue: 19.2R1-S6, 19.2R3-S2, 19.3R3-S2, 19.4R2-S4, 19.4R3-S2, 20.1R2, 20.1R3, 20.2R2-S1, 20.2R3, 20.3R1-S2, 20.3R2, 20.4R1, and all subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA11130",
          "defect": [
            "1537491"
          ],
          "discovery": "USER"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "There are no viable workarounds for this issue."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2021-0235",
    "datePublished": "2021-04-22T19:37:02.659Z",
    "dateReserved": "2020-10-27T00:00:00.000Z",
    "dateUpdated": "2024-09-17T02:36:59.092Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2021-02363

CVE-2021-0235 (GCVE-0-2021-0235)

Tags

Sightings

Nomenclature