cvelistv5 - cve-2021-0266

CVE-2021-0266 (GCVE-0-2021-0266)

Vulnerability from cvelistv5 – Published: 2021-04-22 19:37 – Updated: 2024-09-17 03:13

Summary

The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device management services. This issue affects: Juniper Networks Junos OS on cSRX Series: All versions prior to 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2.

Severity ?

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-321 - Use of Hard-coded Cryptographic Keys

Assigner

juniper

References

URL

Tags

https://kb.juniper.net/JSA11157

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Juniper Networks	Junos OS	Affected: unspecified , < 20.2R3 (custom) Affected: 20.3 , < 20.3R2 (custom) Affected: 20.4 , < 20.4R2 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:32:10.505Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA11157"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "cSRX Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "20.2R3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "20.3R2",
              "status": "affected",
              "version": "20.3",
              "versionType": "custom"
            },
            {
              "lessThan": "20.4R2",
              "status": "affected",
              "version": "20.4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-04-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device management services. This issue affects: Juniper Networks Junos OS on cSRX Series: All versions prior to 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-321",
              "description": "CWE-321 Use of Hard-coded Cryptographic Keys",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-22T19:37:23",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.juniper.net/JSA11157"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: 20.2R3, 20.3R2, 20.4R2, 21.1R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA11157",
        "defect": [
          "1564611"
        ],
        "discovery": "INTERNAL"
      },
      "title": "cSRX: Use of Hard-coded Cryptographic Keys allows an attacker to take control of the device through device management services.",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no viable workarounds for this issue. \n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to the cSRX instance to only trusted administrative networks, hosts and users."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
          "ID": "CVE-2021-0266",
          "STATE": "PUBLIC",
          "TITLE": "cSRX: Use of Hard-coded Cryptographic Keys allows an attacker to take control of the device through device management services."
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Junos OS",
                      "version": {
                        "version_data": [
                          {
                            "platform": "cSRX Series",
                            "version_affected": "\u003c",
                            "version_value": "20.2R3"
                          },
                          {
                            "platform": "cSRX Series",
                            "version_affected": "\u003c",
                            "version_name": "20.3",
                            "version_value": "20.3R2"
                          },
                          {
                            "platform": "cSRX Series",
                            "version_affected": "\u003c",
                            "version_name": "20.4",
                            "version_value": "20.4R2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device management services. This issue affects: Juniper Networks Junos OS on cSRX Series: All versions prior to 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-321 Use of Hard-coded Cryptographic Keys"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA11157",
              "refsource": "MISC",
              "url": "https://kb.juniper.net/JSA11157"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue: 20.2R3, 20.3R2, 20.4R2, 21.1R1, and all subsequent releases."
          }
        ],
        "source": {
          "advisory": "JSA11157",
          "defect": [
            "1564611"
          ],
          "discovery": "INTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "There are no viable workarounds for this issue. \n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to the cSRX instance to only trusted administrative networks, hosts and users."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2021-0266",
    "datePublished": "2021-04-22T19:37:23.655216Z",
    "dateReserved": "2020-10-27T00:00:00",
    "dateUpdated": "2024-09-17T03:13:48.705Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:20.2:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD07B7E2-F5C2-4610-9133-FDA9E66DFF4F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:20.2:r1-s1:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3C23AEB-34DE-44FB-8D64-E69D6E8B7401\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:20.2:r1-s2:*:*:*:*:*:*\", \"matchCriteriaId\": \"18DB9401-5A51-4BB3-AC2F-58F58F1C788C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:20.2:r1-s3:*:*:*:*:*:*\", \"matchCriteriaId\": \"06F53DA5-59AE-403C-9B1E-41CE267D8BB1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:20.3:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C9BC697-C7C9-447D-9EBD-E9711462583E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:20.3:r1-s1:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B80433B-57B1-49EF-B1A1-83781D6102E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"20DDC6B7-BFC4-4F0B-8E68-442C23765BF2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*\", \"matchCriteriaId\": \"037BA01C-3F5C-4503-A633-71765E9EF774\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:juniper:csrx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"11D4A86D-BDB4-4A01-96FE-7E023C58074B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device management services. This issue affects: Juniper Networks Junos OS on cSRX Series: All versions prior to 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2.\"}, {\"lang\": \"es\", \"value\": \"El uso de m\\u00faltiples claves criptogr\\u00e1ficas embebidas en el software de la serie cSRX en Juniper Networks Junos OS, permite a un atacante tomar el control de cualquier instancia de una implementaci\\u00f3n de cSRX a trav\\u00e9s de servicios de administraci\\u00f3n de dispositivos.\u0026#xa0;Este problema afecta a: Juniper Networks Junos OS en la serie cSRX: todas las versiones anteriores a 20.2R3;\u0026#xa0;20.3 versiones anteriores a 20.3R2;\u0026#xa0;versiones 20.4 anteriores a 20.4R2\"}]",
      "id": "CVE-2021-0266",
      "lastModified": "2024-11-21T05:42:21.447",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"sirt@juniper.net\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-04-22T20:15:09.877",
      "references": "[{\"url\": \"https://kb.juniper.net/JSA11157\", \"source\": \"sirt@juniper.net\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://kb.juniper.net/JSA11157\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "sirt@juniper.net",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"sirt@juniper.net\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-321\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-798\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-0266\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2021-04-22T20:15:09.877\",\"lastModified\":\"2024-11-21T05:42:21.447\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device management services. This issue affects: Juniper Networks Junos OS on cSRX Series: All versions prior to 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2.\"},{\"lang\":\"es\",\"value\":\"El uso de m\u00faltiples claves criptogr\u00e1ficas embebidas en el software de la serie cSRX en Juniper Networks Junos OS, permite a un atacante tomar el control de cualquier instancia de una implementaci\u00f3n de cSRX a trav\u00e9s de servicios de administraci\u00f3n de dispositivos.\u0026#xa0;Este problema afecta a: Juniper Networks Junos OS en la serie cSRX: todas las versiones anteriores a 20.2R3;\u0026#xa0;20.3 versiones anteriores a 20.3R2;\u0026#xa0;versiones 20.4 anteriores a 20.4R2\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-321\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.2:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD07B7E2-F5C2-4610-9133-FDA9E66DFF4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.2:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3C23AEB-34DE-44FB-8D64-E69D6E8B7401\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.2:r1-s2:*:*:*:*:*:*\",\"matchCriteriaId\":\"18DB9401-5A51-4BB3-AC2F-58F58F1C788C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.2:r1-s3:*:*:*:*:*:*\",\"matchCriteriaId\":\"06F53DA5-59AE-403C-9B1E-41CE267D8BB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.3:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C9BC697-C7C9-447D-9EBD-E9711462583E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.3:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B80433B-57B1-49EF-B1A1-83781D6102E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"20DDC6B7-BFC4-4F0B-8E68-442C23765BF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"037BA01C-3F5C-4503-A633-71765E9EF774\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:juniper:csrx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11D4A86D-BDB4-4A01-96FE-7E023C58074B\"}]}]}],\"references\":[{\"url\":\"https://kb.juniper.net/JSA11157\",\"source\":\"sirt@juniper.net\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://kb.juniper.net/JSA11157\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2021-AVI-290

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Junos OS versions antérieures à 12.3R12-S15, 12.3R12-S17, 12.3X48-D105, 12.3X48-D95, 14.1X53-D49, 15.1R7-S6, 15.1R7-S8, 15.1R7-S9, 15.1X49-D190, 15.1X49-D191, 15.1X49-D200, 15.1X49-D230, 15.1X49-D240, 15.1X53-D592, 16.1R7-S7, 16.1R7-S8, 16.1R8, 16.2R2-S11, 16.2R3, 17.1R2-S11, 17.1R2-S12, 17.1R3, 17.1R3-S2, 17.2R2-S8, 17.2R3-S3, 17.2R3-S4, 17.3R2-S5, 17.3R3-S10, 17.3R3-S11, 17.3R3-S7, 17.3R3-S8, 17.3R3-S9, 17.4R2-S10, 17.4R2-S12, 17.4R2-S13, 17.4R2-S6, 17.4R2-S9, 17.4R3, 17.4R3-S2, 17.4R3-S3, 17.4R3-S4, 17.4R3-S5, 18.1R3-S10, 18.1R3-S11, 18.1R3-S12, 18.1R3-S13, 18.1R3-S5, 18.1R3-S7, 18.1R3-S9, 18.2R2-S6, 18.2R2-S7, 18.2R2-S8, 18.2R3, 18.2R3-S1, 18.2R3-S3, 18.2R3-S5, 18.2R3-S6, 18.2R3-S7, 18.2R3-S8, 18.3R1-S7, 18.3R2-S3, 18.3R2-S4, 18.3R3, 18.3R3-S1, 18.3R3-S2, 18.3R3-S3, 18.3R3-S4, 18.3R3-S5, 18.4R1-S5, 18.4R1-S6, 18.4R1-S7, 18.4R1-S8, 18.4R2, 18.4R2-S3, 18.4R2-S4, 18.4R2-S5, 18.4R2-S6, 18.4R2-S7, 18.4R2-S8, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3, 18.4R3-S4, 18.4R3-S5, 18.4R3-S6, 18.4R3-S7, 19.1R1, 19.1R1-S3, 19.1R1-S4, 19.1R1-S5, 19.1R2, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.1R3-S3, 19.1R3-S4, 19.2R1, 19.2R1-S1, 19.2R1-S3, 19.2R1-S4, 19.2R1-S5, 19.2R1-S6, 19.2R2, 19.2R3, 19.2R3-S1, 19.2R3-S2, 19.3R1, 19.3R2, 19.3R2-S3, 19.3R2-S4, 19.3R2-S5, 19.3R3, 19.3R3-S1, 19.3R3-S2, 19.4R1, 19.4R1-S1, 19.4R1-S3, 19.4R2, 19.4R2-S2, 19.4R2-S4, 19.4R3, 19.4R3-S1, 19.4R3-S2, 20.1R1, 20.1R1-S1, 20.1R1-S2, 20.1R1-S3, 20.1R2, 20.1R2-S1, 20.1R3, 20.2R1, 20.2R1-S1, 20.2R1-S2, 20.2R2, 20.2R2-S1, 20.2R2-S2, 20.2R2-S3, 20.2R3, 20.3R1, 20.3R1-S1, 20.3R1-S2, 20.3R2, 20.3R3, 20.4R1, 20.4R1-S1, 20.4R2 et 21.1R1
Junos OS Evolved versions antérieures à 19.2R2-EVO, 19.4R2-EVO, 20.1R1-EVO, 20.3R2-EVO, 20.4R1-EVO, 20.4R2-EVO et 21.1R1-EVO
Paragon Active Assurance Control Center versions antérieures à 2.35.6, 2.36.2 et 3.0.0
AppFormix versions antérieures à 3.1.22, 3.2.14 et 3.3.0

Les vulnérabilités CVE-2021-0248 (score CVSSv3 : 10, https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11141&cat=SIRT_1&actp=LIST) et CVE-2021-0254 (score CVSSv3 : 9.8, https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11147&cat=SIRT_1&actp=LIST) sont les plus critiques de ce présent avis.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA11160 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11152 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11154 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11162 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11150 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11130 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11163 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11144 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11155 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11133 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11166 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11164 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11157 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11137 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11151 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11145 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11132 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11158 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11128 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11153 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11143 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11129 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11136 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11156 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11159 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11134 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11131 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11141 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11146 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11142 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11127 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11138 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11147 du 14 avril 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eJunos OS versions ant\u00e9rieures \u00e0 12.3R12-S15, 12.3R12-S17, 12.3X48-D105, 12.3X48-D95, 14.1X53-D49, 15.1R7-S6, 15.1R7-S8, 15.1R7-S9, 15.1X49-D190, 15.1X49-D191, 15.1X49-D200, 15.1X49-D230, 15.1X49-D240, 15.1X53-D592, 16.1R7-S7, 16.1R7-S8, 16.1R8, 16.2R2-S11, 16.2R3, 17.1R2-S11, 17.1R2-S12, 17.1R3, 17.1R3-S2, 17.2R2-S8, 17.2R3-S3, 17.2R3-S4, 17.3R2-S5, 17.3R3-S10, 17.3R3-S11, 17.3R3-S7, 17.3R3-S8, 17.3R3-S9, 17.4R2-S10, 17.4R2-S12, 17.4R2-S13, 17.4R2-S6, 17.4R2-S9, 17.4R3, 17.4R3-S2, 17.4R3-S3, 17.4R3-S4, 17.4R3-S5, 18.1R3-S10, 18.1R3-S11, 18.1R3-S12, 18.1R3-S13, 18.1R3-S5, 18.1R3-S7, 18.1R3-S9, 18.2R2-S6, 18.2R2-S7, 18.2R2-S8, 18.2R3, 18.2R3-S1, 18.2R3-S3, 18.2R3-S5, 18.2R3-S6, 18.2R3-S7, 18.2R3-S8, 18.3R1-S7, 18.3R2-S3, 18.3R2-S4, 18.3R3, 18.3R3-S1, 18.3R3-S2, 18.3R3-S3, 18.3R3-S4, 18.3R3-S5, 18.4R1-S5, 18.4R1-S6, 18.4R1-S7, 18.4R1-S8, 18.4R2, 18.4R2-S3, 18.4R2-S4, 18.4R2-S5, 18.4R2-S6, 18.4R2-S7, 18.4R2-S8, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3, 18.4R3-S4, 18.4R3-S5, 18.4R3-S6, 18.4R3-S7, 19.1R1, 19.1R1-S3, 19.1R1-S4, 19.1R1-S5, 19.1R2, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.1R3-S3, 19.1R3-S4, 19.2R1, 19.2R1-S1, 19.2R1-S3, 19.2R1-S4, 19.2R1-S5, 19.2R1-S6, 19.2R2, 19.2R3, 19.2R3-S1, 19.2R3-S2, 19.3R1, 19.3R2, 19.3R2-S3, 19.3R2-S4, 19.3R2-S5, 19.3R3, 19.3R3-S1, 19.3R3-S2, 19.4R1, 19.4R1-S1, 19.4R1-S3, 19.4R2, 19.4R2-S2, 19.4R2-S4, 19.4R3, 19.4R3-S1, 19.4R3-S2, 20.1R1, 20.1R1-S1, 20.1R1-S2, 20.1R1-S3, 20.1R2, 20.1R2-S1, 20.1R3, 20.2R1, 20.2R1-S1, 20.2R1-S2, 20.2R2, 20.2R2-S1, 20.2R2-S2, 20.2R2-S3, 20.2R3, 20.3R1, 20.3R1-S1, 20.3R1-S2, 20.3R2, 20.3R3, 20.4R1, 20.4R1-S1, 20.4R2 et 21.1R1\u003c/li\u003e \u003cli\u003eJunos OS Evolved versions ant\u00e9rieures \u00e0 19.2R2-EVO, 19.4R2-EVO, 20.1R1-EVO, 20.3R2-EVO, 20.4R1-EVO, 20.4R2-EVO et 21.1R1-EVO\u003c/li\u003e \u003cli\u003eParagon Active Assurance Control Center versions ant\u00e9rieures \u00e0 2.35.6, 2.36.2 et 3.0.0\u003c/li\u003e \u003cli\u003eAppFormix versions ant\u00e9rieures \u00e0 3.1.22, 3.2.14 et 3.3.0\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eLes vuln\u00e9rabilit\u00e9s\u00a0CVE-2021-0248 (score CVSSv3 : 10, \u003ca href=\"https://kb.juniper.net/InfoCenter/index?page=content\u0026amp;id=JSA11141\u0026amp;cat=SIRT_1\u0026amp;actp=LIST\"\u003ehttps://kb.juniper.net/InfoCenter/index?page=content\u0026amp;id=JSA11141\u0026amp;cat=SIRT_1\u0026amp;actp=LIST\u003c/a\u003e) et\u00a0CVE-2021-0254 (score CVSSv3 : 9.8, \u003ca href=\"https://kb.juniper.net/InfoCenter/index?page=content\u0026amp;id=JSA11147\u0026amp;cat=SIRT_1\u0026amp;actp=LIST\"\u003ehttps://kb.juniper.net/InfoCenter/index?page=content\u0026amp;id=JSA11147\u0026amp;cat=SIRT_1\u0026amp;actp=LIST\u003c/a\u003e) sont les plus critiques de ce pr\u00e9sent avis.\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-0250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0250"
    },
    {
      "name": "CVE-2021-0238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0238"
    },
    {
      "name": "CVE-2021-0254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0254"
    },
    {
      "name": "CVE-2021-0263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0263"
    },
    {
      "name": "CVE-2021-0243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0243"
    },
    {
      "name": "CVE-2021-0273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0273"
    },
    {
      "name": "CVE-2021-0262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0262"
    },
    {
      "name": "CVE-2021-0237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0237"
    },
    {
      "name": "CVE-2021-0264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0264"
    },
    {
      "name": "CVE-2021-0248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0248"
    },
    {
      "name": "CVE-2021-0272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0272"
    },
    {
      "name": "CVE-2021-0233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0233"
    },
    {
      "name": "CVE-2021-0269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0269"
    },
    {
      "name": "CVE-2021-0236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0236"
    },
    {
      "name": "CVE-2021-0251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0251"
    },
    {
      "name": "CVE-2021-0244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0244"
    },
    {
      "name": "CVE-2021-0267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0267"
    },
    {
      "name": "CVE-2021-0253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0253"
    },
    {
      "name": "CVE-2021-0232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0232"
    },
    {
      "name": "CVE-2021-0260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0260"
    },
    {
      "name": "CVE-2021-0271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0271"
    },
    {
      "name": "CVE-2021-0249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0249"
    },
    {
      "name": "CVE-2021-0234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0234"
    },
    {
      "name": "CVE-2021-0235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0235"
    },
    {
      "name": "CVE-2021-0239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0239"
    },
    {
      "name": "CVE-2021-0266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0266"
    },
    {
      "name": "CVE-2021-0259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0259"
    },
    {
      "name": "CVE-2021-0265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0265"
    },
    {
      "name": "CVE-2021-0275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0275"
    },
    {
      "name": "CVE-2021-0268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0268"
    },
    {
      "name": "CVE-2021-0261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0261"
    },
    {
      "name": "CVE-2021-0245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0245"
    },
    {
      "name": "CVE-2021-0252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0252"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-290",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-04-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11160 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11160\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11152 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11152\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11154 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11154\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11162 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11162\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11150 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11150\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11130 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11130\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11163 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11163\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11144 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11144\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11155 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11155\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11133 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11133\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11166 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11166\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11164 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11164\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11157 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11157\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11137 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11137\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11151 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11151\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11145 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11145\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11132 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11132\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11158 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11158\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11128 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11128\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11153 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11153\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11143 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11143\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11129 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11129\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11136 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11136\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11156 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11156\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11159 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11159\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11134 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11134\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11131 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11131\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11141 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11141\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11146 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11146\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11142 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11142\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11127 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11127\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11138 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11138\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11147 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11147\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTFR-2021-AVI-290

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Junos OS versions antérieures à 12.3R12-S15, 12.3R12-S17, 12.3X48-D105, 12.3X48-D95, 14.1X53-D49, 15.1R7-S6, 15.1R7-S8, 15.1R7-S9, 15.1X49-D190, 15.1X49-D191, 15.1X49-D200, 15.1X49-D230, 15.1X49-D240, 15.1X53-D592, 16.1R7-S7, 16.1R7-S8, 16.1R8, 16.2R2-S11, 16.2R3, 17.1R2-S11, 17.1R2-S12, 17.1R3, 17.1R3-S2, 17.2R2-S8, 17.2R3-S3, 17.2R3-S4, 17.3R2-S5, 17.3R3-S10, 17.3R3-S11, 17.3R3-S7, 17.3R3-S8, 17.3R3-S9, 17.4R2-S10, 17.4R2-S12, 17.4R2-S13, 17.4R2-S6, 17.4R2-S9, 17.4R3, 17.4R3-S2, 17.4R3-S3, 17.4R3-S4, 17.4R3-S5, 18.1R3-S10, 18.1R3-S11, 18.1R3-S12, 18.1R3-S13, 18.1R3-S5, 18.1R3-S7, 18.1R3-S9, 18.2R2-S6, 18.2R2-S7, 18.2R2-S8, 18.2R3, 18.2R3-S1, 18.2R3-S3, 18.2R3-S5, 18.2R3-S6, 18.2R3-S7, 18.2R3-S8, 18.3R1-S7, 18.3R2-S3, 18.3R2-S4, 18.3R3, 18.3R3-S1, 18.3R3-S2, 18.3R3-S3, 18.3R3-S4, 18.3R3-S5, 18.4R1-S5, 18.4R1-S6, 18.4R1-S7, 18.4R1-S8, 18.4R2, 18.4R2-S3, 18.4R2-S4, 18.4R2-S5, 18.4R2-S6, 18.4R2-S7, 18.4R2-S8, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3, 18.4R3-S4, 18.4R3-S5, 18.4R3-S6, 18.4R3-S7, 19.1R1, 19.1R1-S3, 19.1R1-S4, 19.1R1-S5, 19.1R2, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.1R3-S3, 19.1R3-S4, 19.2R1, 19.2R1-S1, 19.2R1-S3, 19.2R1-S4, 19.2R1-S5, 19.2R1-S6, 19.2R2, 19.2R3, 19.2R3-S1, 19.2R3-S2, 19.3R1, 19.3R2, 19.3R2-S3, 19.3R2-S4, 19.3R2-S5, 19.3R3, 19.3R3-S1, 19.3R3-S2, 19.4R1, 19.4R1-S1, 19.4R1-S3, 19.4R2, 19.4R2-S2, 19.4R2-S4, 19.4R3, 19.4R3-S1, 19.4R3-S2, 20.1R1, 20.1R1-S1, 20.1R1-S2, 20.1R1-S3, 20.1R2, 20.1R2-S1, 20.1R3, 20.2R1, 20.2R1-S1, 20.2R1-S2, 20.2R2, 20.2R2-S1, 20.2R2-S2, 20.2R2-S3, 20.2R3, 20.3R1, 20.3R1-S1, 20.3R1-S2, 20.3R2, 20.3R3, 20.4R1, 20.4R1-S1, 20.4R2 et 21.1R1
Junos OS Evolved versions antérieures à 19.2R2-EVO, 19.4R2-EVO, 20.1R1-EVO, 20.3R2-EVO, 20.4R1-EVO, 20.4R2-EVO et 21.1R1-EVO
Paragon Active Assurance Control Center versions antérieures à 2.35.6, 2.36.2 et 3.0.0
AppFormix versions antérieures à 3.1.22, 3.2.14 et 3.3.0

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA11160 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11152 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11154 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11162 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11150 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11130 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11163 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11144 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11155 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11133 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11166 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11164 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11157 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11137 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11151 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11145 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11132 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11158 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11128 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11153 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11143 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11129 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11136 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11156 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11159 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11134 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11131 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11141 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11146 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11142 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11127 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11138 du 14 avril 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11147 du 14 avril 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eJunos OS versions ant\u00e9rieures \u00e0 12.3R12-S15, 12.3R12-S17, 12.3X48-D105, 12.3X48-D95, 14.1X53-D49, 15.1R7-S6, 15.1R7-S8, 15.1R7-S9, 15.1X49-D190, 15.1X49-D191, 15.1X49-D200, 15.1X49-D230, 15.1X49-D240, 15.1X53-D592, 16.1R7-S7, 16.1R7-S8, 16.1R8, 16.2R2-S11, 16.2R3, 17.1R2-S11, 17.1R2-S12, 17.1R3, 17.1R3-S2, 17.2R2-S8, 17.2R3-S3, 17.2R3-S4, 17.3R2-S5, 17.3R3-S10, 17.3R3-S11, 17.3R3-S7, 17.3R3-S8, 17.3R3-S9, 17.4R2-S10, 17.4R2-S12, 17.4R2-S13, 17.4R2-S6, 17.4R2-S9, 17.4R3, 17.4R3-S2, 17.4R3-S3, 17.4R3-S4, 17.4R3-S5, 18.1R3-S10, 18.1R3-S11, 18.1R3-S12, 18.1R3-S13, 18.1R3-S5, 18.1R3-S7, 18.1R3-S9, 18.2R2-S6, 18.2R2-S7, 18.2R2-S8, 18.2R3, 18.2R3-S1, 18.2R3-S3, 18.2R3-S5, 18.2R3-S6, 18.2R3-S7, 18.2R3-S8, 18.3R1-S7, 18.3R2-S3, 18.3R2-S4, 18.3R3, 18.3R3-S1, 18.3R3-S2, 18.3R3-S3, 18.3R3-S4, 18.3R3-S5, 18.4R1-S5, 18.4R1-S6, 18.4R1-S7, 18.4R1-S8, 18.4R2, 18.4R2-S3, 18.4R2-S4, 18.4R2-S5, 18.4R2-S6, 18.4R2-S7, 18.4R2-S8, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3, 18.4R3-S4, 18.4R3-S5, 18.4R3-S6, 18.4R3-S7, 19.1R1, 19.1R1-S3, 19.1R1-S4, 19.1R1-S5, 19.1R2, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.1R3-S3, 19.1R3-S4, 19.2R1, 19.2R1-S1, 19.2R1-S3, 19.2R1-S4, 19.2R1-S5, 19.2R1-S6, 19.2R2, 19.2R3, 19.2R3-S1, 19.2R3-S2, 19.3R1, 19.3R2, 19.3R2-S3, 19.3R2-S4, 19.3R2-S5, 19.3R3, 19.3R3-S1, 19.3R3-S2, 19.4R1, 19.4R1-S1, 19.4R1-S3, 19.4R2, 19.4R2-S2, 19.4R2-S4, 19.4R3, 19.4R3-S1, 19.4R3-S2, 20.1R1, 20.1R1-S1, 20.1R1-S2, 20.1R1-S3, 20.1R2, 20.1R2-S1, 20.1R3, 20.2R1, 20.2R1-S1, 20.2R1-S2, 20.2R2, 20.2R2-S1, 20.2R2-S2, 20.2R2-S3, 20.2R3, 20.3R1, 20.3R1-S1, 20.3R1-S2, 20.3R2, 20.3R3, 20.4R1, 20.4R1-S1, 20.4R2 et 21.1R1\u003c/li\u003e \u003cli\u003eJunos OS Evolved versions ant\u00e9rieures \u00e0 19.2R2-EVO, 19.4R2-EVO, 20.1R1-EVO, 20.3R2-EVO, 20.4R1-EVO, 20.4R2-EVO et 21.1R1-EVO\u003c/li\u003e \u003cli\u003eParagon Active Assurance Control Center versions ant\u00e9rieures \u00e0 2.35.6, 2.36.2 et 3.0.0\u003c/li\u003e \u003cli\u003eAppFormix versions ant\u00e9rieures \u00e0 3.1.22, 3.2.14 et 3.3.0\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eLes vuln\u00e9rabilit\u00e9s\u00a0CVE-2021-0248 (score CVSSv3 : 10, \u003ca href=\"https://kb.juniper.net/InfoCenter/index?page=content\u0026amp;id=JSA11141\u0026amp;cat=SIRT_1\u0026amp;actp=LIST\"\u003ehttps://kb.juniper.net/InfoCenter/index?page=content\u0026amp;id=JSA11141\u0026amp;cat=SIRT_1\u0026amp;actp=LIST\u003c/a\u003e) et\u00a0CVE-2021-0254 (score CVSSv3 : 9.8, \u003ca href=\"https://kb.juniper.net/InfoCenter/index?page=content\u0026amp;id=JSA11147\u0026amp;cat=SIRT_1\u0026amp;actp=LIST\"\u003ehttps://kb.juniper.net/InfoCenter/index?page=content\u0026amp;id=JSA11147\u0026amp;cat=SIRT_1\u0026amp;actp=LIST\u003c/a\u003e) sont les plus critiques de ce pr\u00e9sent avis.\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-0250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0250"
    },
    {
      "name": "CVE-2021-0238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0238"
    },
    {
      "name": "CVE-2021-0254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0254"
    },
    {
      "name": "CVE-2021-0263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0263"
    },
    {
      "name": "CVE-2021-0243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0243"
    },
    {
      "name": "CVE-2021-0273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0273"
    },
    {
      "name": "CVE-2021-0262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0262"
    },
    {
      "name": "CVE-2021-0237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0237"
    },
    {
      "name": "CVE-2021-0264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0264"
    },
    {
      "name": "CVE-2021-0248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0248"
    },
    {
      "name": "CVE-2021-0272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0272"
    },
    {
      "name": "CVE-2021-0233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0233"
    },
    {
      "name": "CVE-2021-0269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0269"
    },
    {
      "name": "CVE-2021-0236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0236"
    },
    {
      "name": "CVE-2021-0251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0251"
    },
    {
      "name": "CVE-2021-0244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0244"
    },
    {
      "name": "CVE-2021-0267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0267"
    },
    {
      "name": "CVE-2021-0253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0253"
    },
    {
      "name": "CVE-2021-0232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0232"
    },
    {
      "name": "CVE-2021-0260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0260"
    },
    {
      "name": "CVE-2021-0271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0271"
    },
    {
      "name": "CVE-2021-0249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0249"
    },
    {
      "name": "CVE-2021-0234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0234"
    },
    {
      "name": "CVE-2021-0235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0235"
    },
    {
      "name": "CVE-2021-0239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0239"
    },
    {
      "name": "CVE-2021-0266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0266"
    },
    {
      "name": "CVE-2021-0259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0259"
    },
    {
      "name": "CVE-2021-0265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0265"
    },
    {
      "name": "CVE-2021-0275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0275"
    },
    {
      "name": "CVE-2021-0268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0268"
    },
    {
      "name": "CVE-2021-0261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0261"
    },
    {
      "name": "CVE-2021-0245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0245"
    },
    {
      "name": "CVE-2021-0252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0252"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-290",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-04-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11160 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11160\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11152 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11152\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11154 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11154\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11162 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11162\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11150 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11150\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11130 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11130\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11163 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11163\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11144 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11144\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11155 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11155\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11133 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11133\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11166 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11166\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11164 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11164\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11157 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11157\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11137 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11137\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11151 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11151\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11145 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11145\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11132 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11132\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11158 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11158\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11128 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11128\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11153 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11153\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11143 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11143\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11129 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11129\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11136 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11136\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11156 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11156\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11159 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11159\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11134 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11134\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11131 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11131\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11141 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11141\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11146 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11146\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11142 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11142\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11127 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11127\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11138 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11138\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11147 du 14 avril 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11147\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

GSD-2021-0266

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-0266

Aliases

CVE-2021-0266

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-0266",
    "description": "The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device management services. This issue affects: Juniper Networks Junos OS on cSRX Series: All versions prior to 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2.",
    "id": "GSD-2021-0266"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-0266"
      ],
      "details": "The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device management services. This issue affects: Juniper Networks Junos OS on cSRX Series: All versions prior to 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2.",
      "id": "GSD-2021-0266",
      "modified": "2023-12-13T01:23:07.468573Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "sirt@juniper.net",
        "DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
        "ID": "CVE-2021-0266",
        "STATE": "PUBLIC",
        "TITLE": "cSRX: Use of Hard-coded Cryptographic Keys allows an attacker to take control of the device through device management services."
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Junos OS",
                    "version": {
                      "version_data": [
                        {
                          "platform": "cSRX Series",
                          "version_affected": "\u003c",
                          "version_value": "20.2R3"
                        },
                        {
                          "platform": "cSRX Series",
                          "version_affected": "\u003c",
                          "version_name": "20.3",
                          "version_value": "20.3R2"
                        },
                        {
                          "platform": "cSRX Series",
                          "version_affected": "\u003c",
                          "version_name": "20.4",
                          "version_value": "20.4R2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Juniper Networks"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device management services. This issue affects: Juniper Networks Junos OS on cSRX Series: All versions prior to 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2."
          }
        ]
      },
      "exploit": [
        {
          "lang": "eng",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-321 Use of Hard-coded Cryptographic Keys"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://kb.juniper.net/JSA11157",
            "refsource": "MISC",
            "url": "https://kb.juniper.net/JSA11157"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng",
          "value": "The following software releases have been updated to resolve this specific issue: 20.2R3, 20.3R2, 20.4R2, 21.1R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA11157",
        "defect": [
          "1564611"
        ],
        "discovery": "INTERNAL"
      },
      "work_around": [
        {
          "lang": "eng",
          "value": "There are no viable workarounds for this issue. \n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to the cSRX instance to only trusted administrative networks, hosts and users."
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:20.2:r1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:20.2:r1-s1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:20.2:r1-s2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:20.3:r1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:20.3:r1-s1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:20.2:r1-s3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:csrx:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2021-0266"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device management services. This issue affects: Juniper Networks Junos OS on cSRX Series: All versions prior to 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-798"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA11157",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://kb.juniper.net/JSA11157"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-09-20T17:08Z",
      "publishedDate": "2021-04-22T20:15Z"
    }
  }
}

FKIE_CVE-2021-0266

Vulnerability from fkie_nvd - Published: 2021-04-22 20:15 - Updated: 2024-11-21 05:42

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	sirt@juniper.net	https://kb.juniper.net/JSA11157	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://kb.juniper.net/JSA11157	Vendor Advisory

Impacted products

Vendor	Product	Version
juniper	junos	20.2
juniper	junos	20.2
juniper	junos	20.2
juniper	junos	20.2
juniper	junos	20.3
juniper	junos	20.3
juniper	junos	20.4
juniper	junos	20.4
juniper	csrx	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:junos:20.2:r1:*:*:*:*:*:*",
              "matchCriteriaId": "CD07B7E2-F5C2-4610-9133-FDA9E66DFF4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "D3C23AEB-34DE-44FB-8D64-E69D6E8B7401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "18DB9401-5A51-4BB3-AC2F-58F58F1C788C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s3:*:*:*:*:*:*",
              "matchCriteriaId": "06F53DA5-59AE-403C-9B1E-41CE267D8BB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:20.3:r1:*:*:*:*:*:*",
              "matchCriteriaId": "5C9BC697-C7C9-447D-9EBD-E9711462583E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:20.3:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "7B80433B-57B1-49EF-B1A1-83781D6102E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
              "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:juniper:csrx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "11D4A86D-BDB4-4A01-96FE-7E023C58074B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device management services. This issue affects: Juniper Networks Junos OS on cSRX Series: All versions prior to 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2."
    },
    {
      "lang": "es",
      "value": "El uso de m\u00faltiples claves criptogr\u00e1ficas embebidas en el software de la serie cSRX en Juniper Networks Junos OS, permite a un atacante tomar el control de cualquier instancia de una implementaci\u00f3n de cSRX a trav\u00e9s de servicios de administraci\u00f3n de dispositivos.\u0026#xa0;Este problema afecta a: Juniper Networks Junos OS en la serie cSRX: todas las versiones anteriores a 20.2R3;\u0026#xa0;20.3 versiones anteriores a 20.3R2;\u0026#xa0;versiones 20.4 anteriores a 20.4R2"
    }
  ],
  "id": "CVE-2021-0266",
  "lastModified": "2024-11-21T05:42:21.447",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "sirt@juniper.net",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-22T20:15:09.877",
  "references": [
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/JSA11157"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/JSA11157"
    }
  ],
  "sourceIdentifier": "sirt@juniper.net",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-321"
        }
      ],
      "source": "sirt@juniper.net",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-9FRR-8RXX-97F3

Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-09-21 00:00

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-0266"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-798"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-22T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device management services. This issue affects: Juniper Networks Junos OS on cSRX Series: All versions prior to 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2.",
  "id": "GHSA-9frr-8rxx-97f3",
  "modified": "2022-09-21T00:00:41Z",
  "published": "2022-05-24T17:48:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0266"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA11157"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-0266 (GCVE-0-2021-0266)

CERTFR-2021-AVI-290

Solution

CERTFR-2021-AVI-290

Solution

GSD-2021-0266

FKIE_CVE-2021-0266

GHSA-9FRR-8RXX-97F3

Tags

Sightings

Nomenclature