cvelistv5 - cve-2021-0279

CVE-2021-0279 (GCVE-0-2021-0279)

Vulnerability from cvelistv5 – Published: 2021-07-15 20:00 – Updated: 2024-09-17 01:06

Summary

Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to an administrative service for RabbitMQ (e.g. GUI), can use these hardcoded credentials to cause a Denial of Service (DoS) or have access to unspecified sensitive system information. This issue affects the Juniper Networks Contrail Cloud releases on versions prior to 13.6.0.

Severity ?

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE

CWE-798 - Use of Hard-coded Credentials

Assigner

juniper

References

URL

Tags

https://kb.juniper.net/JSA11183

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Juniper Networks	Contrail Cloud	Affected: unspecified , < 13.6.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:32:10.506Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA11183"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Contrail Cloud",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "13.6.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-07-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to an administrative service for RabbitMQ (e.g. GUI), can use these hardcoded credentials to cause a Denial of Service (DoS) or have access to unspecified sensitive system information. This issue affects the Juniper Networks Contrail Cloud releases on versions prior to 13.6.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "CWE-798 Use of Hard-coded Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-15T20:00:50",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA11183"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: Juniper Networks Contrail Cloud version 13.6.0, and all subsequent releases.\n\nWhen installing Contrail Cloud version 13.6.0, to set a non-default password for RabbitMQ, one of these options are possible:\na) You may set a non-default password using the config/vault-data.yml file.\nb) Or following configuration should be added to the CC site.yml file:\n\n   extra_config:\n      ContrailAnalyticsParameters:\n        ContrailSettings:\n          RABBITMQ_PASSWORD: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027password\u0027] }}\"\n          RABBITMQ_USER: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027user\u0027] }}\"\n      ContrailControllerParameters:\n        ContrailSettings:\n          RABBITMQ_PASSWORD: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027password\u0027] }}\"\n          RABBITMQ_USER: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027user\u0027] }}\"\n\nContact Juniper Networks Technical Assistance Center (JTAC) for guided assistance if necessary."
        }
      ],
      "source": {
        "advisory": "JSA11183",
        "defect": [
          "CC-773"
        ],
        "discovery": "USER"
      },
      "title": "Contrail Cloud: Hardcoded credentials for RabbitMQ service",
      "workarounds": [
        {
          "lang": "en",
          "value": "To mitigate this issue with a fresh installation of Contrail Cloud version prior to 13.6.0, the following configuration options should be added to the CC site.yml file.\n\n  extra_config:\n      ContrailAnalyticsParameters:\n        ContrailSettings:\n          RABBITMQ_PASSWORD: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027password\u0027] }}\"\n          RABBITMQ_USER: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027user\u0027] }}\"\n      ContrailControllerParameters:\n        ContrailSettings:\n          RABBITMQ_PASSWORD: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027password\u0027] }}\"\n          RABBITMQ_USER: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027user\u0027] }}\"\n\nPlease contact Juniper Networks Technical Assistance Center (JTAC) for guided assistance if necessary.\n\nUntil a fresh installation or upgrade is possible, to reduce the risk of exploitation utilize common security BCPs to limit the exploitable surface by limiting access to network and device to trusted systems, administrators, networks and hosts."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2021-07-14T16:00:00.000Z",
          "ID": "CVE-2021-0279",
          "STATE": "PUBLIC",
          "TITLE": "Contrail Cloud: Hardcoded credentials for RabbitMQ service"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Contrail Cloud",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "13.6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to an administrative service for RabbitMQ (e.g. GUI), can use these hardcoded credentials to cause a Denial of Service (DoS) or have access to unspecified sensitive system information. This issue affects the Juniper Networks Contrail Cloud releases on versions prior to 13.6.0."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-798 Use of Hard-coded Credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA11183",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA11183"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The following software releases have been updated to resolve this specific issue: Juniper Networks Contrail Cloud version 13.6.0, and all subsequent releases.\n\nWhen installing Contrail Cloud version 13.6.0, to set a non-default password for RabbitMQ, one of these options are possible:\na) You may set a non-default password using the config/vault-data.yml file.\nb) Or following configuration should be added to the CC site.yml file:\n\n   extra_config:\n      ContrailAnalyticsParameters:\n        ContrailSettings:\n          RABBITMQ_PASSWORD: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027password\u0027] }}\"\n          RABBITMQ_USER: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027user\u0027] }}\"\n      ContrailControllerParameters:\n        ContrailSettings:\n          RABBITMQ_PASSWORD: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027password\u0027] }}\"\n          RABBITMQ_USER: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027user\u0027] }}\"\n\nContact Juniper Networks Technical Assistance Center (JTAC) for guided assistance if necessary."
          }
        ],
        "source": {
          "advisory": "JSA11183",
          "defect": [
            "CC-773"
          ],
          "discovery": "USER"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "To mitigate this issue with a fresh installation of Contrail Cloud version prior to 13.6.0, the following configuration options should be added to the CC site.yml file.\n\n  extra_config:\n      ContrailAnalyticsParameters:\n        ContrailSettings:\n          RABBITMQ_PASSWORD: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027password\u0027] }}\"\n          RABBITMQ_USER: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027user\u0027] }}\"\n      ContrailControllerParameters:\n        ContrailSettings:\n          RABBITMQ_PASSWORD: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027password\u0027] }}\"\n          RABBITMQ_USER: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027user\u0027] }}\"\n\nPlease contact Juniper Networks Technical Assistance Center (JTAC) for guided assistance if necessary.\n\nUntil a fresh installation or upgrade is possible, to reduce the risk of exploitation utilize common security BCPs to limit the exploitable surface by limiting access to network and device to trusted systems, administrators, networks and hosts."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2021-0279",
    "datePublished": "2021-07-15T20:00:50.653467Z",
    "dateReserved": "2020-10-27T00:00:00",
    "dateUpdated": "2024-09-17T01:06:11.249Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:contrail_cloud:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.6\", \"matchCriteriaId\": \"810B43DB-52EB-4B8E-B5E4-997AF96A1412\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to an administrative service for RabbitMQ (e.g. GUI), can use these hardcoded credentials to cause a Denial of Service (DoS) or have access to unspecified sensitive system information. This issue affects the Juniper Networks Contrail Cloud releases on versions prior to 13.6.0.\"}, {\"lang\": \"es\", \"value\": \"Juniper Networks Contrail Cloud (CC) versiones anteriores a 13.6.0, presenta el servicio RabbitMQ activado por defecto con credenciales embebidas. Los servicios de mensajer\\u00eda de RabbitMQ son usados cuando se coordinan las operaciones y la informaci\\u00f3n de estado entre los servicios de Contrail. Un atacante con acceso a un servicio administrativo para RabbitMQ (por ejemplo, GUI), puede usar estas credenciales embebidas para causar una Denegaci\\u00f3n de Servicio (DoS) o tener acceso a informaci\\u00f3n confidencial del sistema no especificada. Este problema afecta a las versiones de Juniper Networks Contrail Cloud anteriores a 13.6.0\"}]",
      "id": "CVE-2021-0279",
      "lastModified": "2024-11-21T05:42:23.320",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"sirt@juniper.net\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\", \"baseScore\": 8.6, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 4.7}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 4.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:P\", \"baseScore\": 5.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-07-15T20:15:09.543",
      "references": "[{\"url\": \"https://kb.juniper.net/JSA11183\", \"source\": \"sirt@juniper.net\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://kb.juniper.net/JSA11183\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "sirt@juniper.net",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"sirt@juniper.net\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-798\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-798\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-0279\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2021-07-15T20:15:09.543\",\"lastModified\":\"2024-11-21T05:42:23.320\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to an administrative service for RabbitMQ (e.g. GUI), can use these hardcoded credentials to cause a Denial of Service (DoS) or have access to unspecified sensitive system information. This issue affects the Juniper Networks Contrail Cloud releases on versions prior to 13.6.0.\"},{\"lang\":\"es\",\"value\":\"Juniper Networks Contrail Cloud (CC) versiones anteriores a 13.6.0, presenta el servicio RabbitMQ activado por defecto con credenciales embebidas. Los servicios de mensajer\u00eda de RabbitMQ son usados cuando se coordinan las operaciones y la informaci\u00f3n de estado entre los servicios de Contrail. Un atacante con acceso a un servicio administrativo para RabbitMQ (por ejemplo, GUI), puede usar estas credenciales embebidas para causar una Denegaci\u00f3n de Servicio (DoS) o tener acceso a informaci\u00f3n confidencial del sistema no especificada. Este problema afecta a las versiones de Juniper Networks Contrail Cloud anteriores a 13.6.0\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":4.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":4.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:P\",\"baseScore\":5.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:contrail_cloud:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.6\",\"matchCriteriaId\":\"810B43DB-52EB-4B8E-B5E4-997AF96A1412\"}]}]}],\"references\":[{\"url\":\"https://kb.juniper.net/JSA11183\",\"source\":\"sirt@juniper.net\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://kb.juniper.net/JSA11183\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GHSA-MXP7-4PRX-2V6G

Vulnerability from github – Published: 2022-05-24 19:08 – Updated: 2022-05-24 19:08

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-0279"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-798"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-15T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to an administrative service for RabbitMQ (e.g. GUI), can use these hardcoded credentials to cause a Denial of Service (DoS) or have access to unspecified sensitive system information. This issue affects the Juniper Networks Contrail Cloud releases on versions prior to 13.6.0.",
  "id": "GHSA-mxp7-4prx-2v6g",
  "modified": "2022-05-24T19:08:07Z",
  "published": "2022-05-24T19:08:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0279"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA11183"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2021-AVI-526

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	Juniper Networks SBR Carrier versions 8.4.1 antérieures à 8.4.1R19
Juniper Networks	Networks Junos OS	Juniper Networks Junos OS versions antérieures à 12.3R12-S19, 15.1R7-S10, 16.1R7-S7, 17.2R3-S3, 17.3R3-S12, 17.4R2-S13, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R2-S9, 18.4R3-S9, 19.1R2-S1, 19.2R1-S7, 19.2R3-S2, 19.3R2-S6, 19.3R3-S3, 19.4R1-S4, 19.4R2, 19.4R2-S4, 19.4R3-S5, 20.1R1, 20.1R2-S2, 20.1R3-S1, 20.2R2-S3, 20.2R3-S2, 20.3R2-S1, 20.3R3, 20.4R1-S1, 20.4R2-S1, 20.4R3, 21.1R1-S1, 21.1R2, 21.2R1,
Juniper Networks	N/A	Juniper Networks Contrail Cloud versions antérieures à 13.6.0
Juniper Networks	N/A	Juniper Networks SBR Carrier versions 8.6.0 antérieures à 8.6.0R4
Juniper Networks	Networks Junos OS Evolved	Juniper Networks Junos OS Evolved versions antérieures à 20.3R2-EVO, 20.4R2-EVO, 20.4R2-S2-EVO, 21.1R1-EVO, 21.1R2-EVO, 21.2R1-EVO
Juniper Networks	N/A	Juniper Networks SBR Carrier versions 8.5.0 antérieures à 8.5.0R10

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA11183 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11187 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11189 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11188 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11192 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11191 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11177 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11186 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11179 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11182 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11180 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11181 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11178 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11185 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11190 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11184 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité JuniperJSA11191 du 14 juillet 2021	-	other
Bulletin de sécurité JuniperJSA11183 du 14 juillet 2021	-	other
Bulletin de sécurité JuniperJSA11192 du 14 juillet 2021	-	other
Bulletin de sécurité JuniperJSA11181 du 14 juillet 2021	-	other
Bulletin de sécurité JuniperJSA11178 du 14 juillet 2021	-	other
Bulletin de sécurité JuniperJSA11180 du 14 juillet 2021	-	other
Bulletin de sécurité JuniperJSA11187 du 14 juillet 2021	-	other
Bulletin de sécurité JuniperJSA11188 du 14 juillet 2021	-	other
Bulletin de sécurité JuniperJSA11179 du 14 juillet 2021	-	other
Bulletin de sécurité JuniperJSA11185 du 14 juillet 2021	-	other
Bulletin de sécurité JuniperJSA11184 du 14 juillet 2021	-	other
Bulletin de sécurité JuniperJSA11190 du 14 juillet 2021	-	other
Bulletin de sécurité JuniperJSA11189 du 14 juillet 2021	-	other
Bulletin de sécurité JuniperJSA11177 du 14 juillet 2021	-	other
Bulletin de sécurité JuniperJSA11186 du 14 juillet 2021	-	other
Bulletin de sécurité JuniperJSA11182 du 14 juillet 2021	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper Networks SBR Carrier versions 8.4.1 ant\u00e9rieures \u00e0 8.4.1R19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S19, 15.1R7-S10, 16.1R7-S7, 17.2R3-S3, 17.3R3-S12, 17.4R2-S13, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R2-S9, 18.4R3-S9, 19.1R2-S1, 19.2R1-S7, 19.2R3-S2, 19.3R2-S6, 19.3R3-S3, 19.4R1-S4, 19.4R2, 19.4R2-S4, 19.4R3-S5, 20.1R1, 20.1R2-S2, 20.1R3-S1, 20.2R2-S3, 20.2R3-S2, 20.3R2-S1, 20.3R3, 20.4R1-S1, 20.4R2-S1, 20.4R3, 21.1R1-S1, 21.1R2, 21.2R1,",
      "product": {
        "name": "Networks Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks Contrail Cloud versions ant\u00e9rieures \u00e0 13.6.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks SBR Carrier versions 8.6.0 ant\u00e9rieures \u00e0 8.6.0R4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks Junos OS Evolved versions ant\u00e9rieures \u00e0 20.3R2-EVO, 20.4R2-EVO, 20.4R2-S2-EVO, 21.1R1-EVO, 21.1R2-EVO, 21.2R1-EVO",
      "product": {
        "name": "Networks Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks SBR Carrier versions 8.5.0 ant\u00e9rieures \u00e0 8.5.0R10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-0285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0285"
    },
    {
      "name": "CVE-2021-0279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0279"
    },
    {
      "name": "CVE-2021-0287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0287"
    },
    {
      "name": "CVE-2021-0278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0278"
    },
    {
      "name": "CVE-2021-0280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0280"
    },
    {
      "name": "CVE-2021-0282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0282"
    },
    {
      "name": "CVE-2017-1087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1087"
    },
    {
      "name": "CVE-2018-6925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6925"
    },
    {
      "name": "CVE-2019-8936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8936"
    },
    {
      "name": "CVE-2021-0276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0276"
    },
    {
      "name": "CVE-2021-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0286"
    },
    {
      "name": "CVE-2021-0289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0289"
    },
    {
      "name": "CVE-2021-0277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0277"
    },
    {
      "name": "CVE-2021-0290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0290"
    },
    {
      "name": "CVE-2021-0281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0281"
    },
    {
      "name": "CVE-2021-0288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0288"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11191 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11191\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11183 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11183\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11192 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11192\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11181 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11181\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11178 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11178\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11180 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11180\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11187 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11187\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11188 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11188\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11179 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11179\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11185 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11185\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11184 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11184\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11190 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11190\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11189 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11189\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11177 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11177\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11186 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11186\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11182 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11182\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ],
  "reference": "CERTFR-2021-AVI-526",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-07-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes les produits Juniper.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11183 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11187 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11189 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11188 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11192 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11191 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11177 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11186 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11179 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11182 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11180 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11181 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11178 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11185 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11190 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11184 du 14 juillet 2021",
      "url": null
    }
  ]
}

CERTFR-2021-AVI-526

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	Juniper Networks SBR Carrier versions 8.4.1 antérieures à 8.4.1R19
Juniper Networks	Networks Junos OS	Juniper Networks Junos OS versions antérieures à 12.3R12-S19, 15.1R7-S10, 16.1R7-S7, 17.2R3-S3, 17.3R3-S12, 17.4R2-S13, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R2-S9, 18.4R3-S9, 19.1R2-S1, 19.2R1-S7, 19.2R3-S2, 19.3R2-S6, 19.3R3-S3, 19.4R1-S4, 19.4R2, 19.4R2-S4, 19.4R3-S5, 20.1R1, 20.1R2-S2, 20.1R3-S1, 20.2R2-S3, 20.2R3-S2, 20.3R2-S1, 20.3R3, 20.4R1-S1, 20.4R2-S1, 20.4R3, 21.1R1-S1, 21.1R2, 21.2R1,
Juniper Networks	N/A	Juniper Networks Contrail Cloud versions antérieures à 13.6.0
Juniper Networks	N/A	Juniper Networks SBR Carrier versions 8.6.0 antérieures à 8.6.0R4
Juniper Networks	Networks Junos OS Evolved	Juniper Networks Junos OS Evolved versions antérieures à 20.3R2-EVO, 20.4R2-EVO, 20.4R2-S2-EVO, 21.1R1-EVO, 21.1R2-EVO, 21.2R1-EVO
Juniper Networks	N/A	Juniper Networks SBR Carrier versions 8.5.0 antérieures à 8.5.0R10

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA11183 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11187 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11189 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11188 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11192 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11191 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11177 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11186 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11179 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11182 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11180 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11181 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11178 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11185 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11190 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11184 du 14 juillet 2021	None	vendor-advisory
Bulletin de sécurité JuniperJSA11191 du 14 juillet 2021	-	other
Bulletin de sécurité JuniperJSA11183 du 14 juillet 2021	-	other
Bulletin de sécurité JuniperJSA11192 du 14 juillet 2021	-	other
Bulletin de sécurité JuniperJSA11181 du 14 juillet 2021	-	other
Bulletin de sécurité JuniperJSA11178 du 14 juillet 2021	-	other
Bulletin de sécurité JuniperJSA11180 du 14 juillet 2021	-	other
Bulletin de sécurité JuniperJSA11187 du 14 juillet 2021	-	other
Bulletin de sécurité JuniperJSA11188 du 14 juillet 2021	-	other
Bulletin de sécurité JuniperJSA11179 du 14 juillet 2021	-	other
Bulletin de sécurité JuniperJSA11185 du 14 juillet 2021	-	other
Bulletin de sécurité JuniperJSA11184 du 14 juillet 2021	-	other
Bulletin de sécurité JuniperJSA11190 du 14 juillet 2021	-	other
Bulletin de sécurité JuniperJSA11189 du 14 juillet 2021	-	other
Bulletin de sécurité JuniperJSA11177 du 14 juillet 2021	-	other
Bulletin de sécurité JuniperJSA11186 du 14 juillet 2021	-	other
Bulletin de sécurité JuniperJSA11182 du 14 juillet 2021	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper Networks SBR Carrier versions 8.4.1 ant\u00e9rieures \u00e0 8.4.1R19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S19, 15.1R7-S10, 16.1R7-S7, 17.2R3-S3, 17.3R3-S12, 17.4R2-S13, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R2-S9, 18.4R3-S9, 19.1R2-S1, 19.2R1-S7, 19.2R3-S2, 19.3R2-S6, 19.3R3-S3, 19.4R1-S4, 19.4R2, 19.4R2-S4, 19.4R3-S5, 20.1R1, 20.1R2-S2, 20.1R3-S1, 20.2R2-S3, 20.2R3-S2, 20.3R2-S1, 20.3R3, 20.4R1-S1, 20.4R2-S1, 20.4R3, 21.1R1-S1, 21.1R2, 21.2R1,",
      "product": {
        "name": "Networks Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks Contrail Cloud versions ant\u00e9rieures \u00e0 13.6.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks SBR Carrier versions 8.6.0 ant\u00e9rieures \u00e0 8.6.0R4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks Junos OS Evolved versions ant\u00e9rieures \u00e0 20.3R2-EVO, 20.4R2-EVO, 20.4R2-S2-EVO, 21.1R1-EVO, 21.1R2-EVO, 21.2R1-EVO",
      "product": {
        "name": "Networks Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks SBR Carrier versions 8.5.0 ant\u00e9rieures \u00e0 8.5.0R10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-0285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0285"
    },
    {
      "name": "CVE-2021-0279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0279"
    },
    {
      "name": "CVE-2021-0287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0287"
    },
    {
      "name": "CVE-2021-0278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0278"
    },
    {
      "name": "CVE-2021-0280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0280"
    },
    {
      "name": "CVE-2021-0282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0282"
    },
    {
      "name": "CVE-2017-1087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1087"
    },
    {
      "name": "CVE-2018-6925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6925"
    },
    {
      "name": "CVE-2019-8936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8936"
    },
    {
      "name": "CVE-2021-0276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0276"
    },
    {
      "name": "CVE-2021-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0286"
    },
    {
      "name": "CVE-2021-0289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0289"
    },
    {
      "name": "CVE-2021-0277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0277"
    },
    {
      "name": "CVE-2021-0290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0290"
    },
    {
      "name": "CVE-2021-0281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0281"
    },
    {
      "name": "CVE-2021-0288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0288"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11191 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11191\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11183 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11183\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11192 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11192\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11181 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11181\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11178 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11178\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11180 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11180\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11187 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11187\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11188 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11188\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11179 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11179\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11185 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11185\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11184 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11184\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11190 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11190\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11189 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11189\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11177 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11177\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11186 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11186\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 JuniperJSA11182 du 14 juillet 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11182\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ],
  "reference": "CERTFR-2021-AVI-526",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-07-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes les produits Juniper.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11183 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11187 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11189 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11188 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11192 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11191 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11177 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11186 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11179 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11182 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11180 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11181 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11178 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11185 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11190 du 14 juillet 2021",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11184 du 14 juillet 2021",
      "url": null
    }
  ]
}

FKIE_CVE-2021-0279

Vulnerability from fkie_nvd - Published: 2021-07-15 20:15 - Updated: 2024-11-21 05:42

Severity ?

8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H

Summary

References

	URL	Tags
	sirt@juniper.net	https://kb.juniper.net/JSA11183	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://kb.juniper.net/JSA11183	Vendor Advisory

Impacted products

	Vendor	Product	Version
	juniper	contrail_cloud	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:juniper:contrail_cloud:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "810B43DB-52EB-4B8E-B5E4-997AF96A1412",
              "versionEndExcluding": "13.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to an administrative service for RabbitMQ (e.g. GUI), can use these hardcoded credentials to cause a Denial of Service (DoS) or have access to unspecified sensitive system information. This issue affects the Juniper Networks Contrail Cloud releases on versions prior to 13.6.0."
    },
    {
      "lang": "es",
      "value": "Juniper Networks Contrail Cloud (CC) versiones anteriores a 13.6.0, presenta el servicio RabbitMQ activado por defecto con credenciales embebidas. Los servicios de mensajer\u00eda de RabbitMQ son usados cuando se coordinan las operaciones y la informaci\u00f3n de estado entre los servicios de Contrail. Un atacante con acceso a un servicio administrativo para RabbitMQ (por ejemplo, GUI), puede usar estas credenciales embebidas para causar una Denegaci\u00f3n de Servicio (DoS) o tener acceso a informaci\u00f3n confidencial del sistema no especificada. Este problema afecta a las versiones de Juniper Networks Contrail Cloud anteriores a 13.6.0"
    }
  ],
  "id": "CVE-2021-0279",
  "lastModified": "2024-11-21T05:42:23.320",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.7,
        "source": "sirt@juniper.net",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 4.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-15T20:15:09.543",
  "references": [
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/JSA11183"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/JSA11183"
    }
  ],
  "sourceIdentifier": "sirt@juniper.net",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "sirt@juniper.net",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2021-0279

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-0279

Aliases

CVE-2021-0279

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-0279",
    "description": "Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to an administrative service for RabbitMQ (e.g. GUI), can use these hardcoded credentials to cause a Denial of Service (DoS) or have access to unspecified sensitive system information. This issue affects the Juniper Networks Contrail Cloud releases on versions prior to 13.6.0.",
    "id": "GSD-2021-0279"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-0279"
      ],
      "details": "Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to an administrative service for RabbitMQ (e.g. GUI), can use these hardcoded credentials to cause a Denial of Service (DoS) or have access to unspecified sensitive system information. This issue affects the Juniper Networks Contrail Cloud releases on versions prior to 13.6.0.",
      "id": "GSD-2021-0279",
      "modified": "2023-12-13T01:23:07.431151Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "sirt@juniper.net",
        "DATE_PUBLIC": "2021-07-14T16:00:00.000Z",
        "ID": "CVE-2021-0279",
        "STATE": "PUBLIC",
        "TITLE": "Contrail Cloud: Hardcoded credentials for RabbitMQ service"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Contrail Cloud",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "13.6.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Juniper Networks"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to an administrative service for RabbitMQ (e.g. GUI), can use these hardcoded credentials to cause a Denial of Service (DoS) or have access to unspecified sensitive system information. This issue affects the Juniper Networks Contrail Cloud releases on versions prior to 13.6.0."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-798 Use of Hard-coded Credentials"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://kb.juniper.net/JSA11183",
            "refsource": "CONFIRM",
            "url": "https://kb.juniper.net/JSA11183"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng",
          "value": "The following software releases have been updated to resolve this specific issue: Juniper Networks Contrail Cloud version 13.6.0, and all subsequent releases.\n\nWhen installing Contrail Cloud version 13.6.0, to set a non-default password for RabbitMQ, one of these options are possible:\na) You may set a non-default password using the config/vault-data.yml file.\nb) Or following configuration should be added to the CC site.yml file:\n\n   extra_config:\n      ContrailAnalyticsParameters:\n        ContrailSettings:\n          RABBITMQ_PASSWORD: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027password\u0027] }}\"\n          RABBITMQ_USER: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027user\u0027] }}\"\n      ContrailControllerParameters:\n        ContrailSettings:\n          RABBITMQ_PASSWORD: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027password\u0027] }}\"\n          RABBITMQ_USER: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027user\u0027] }}\"\n\nContact Juniper Networks Technical Assistance Center (JTAC) for guided assistance if necessary."
        }
      ],
      "source": {
        "advisory": "JSA11183",
        "defect": [
          "CC-773"
        ],
        "discovery": "USER"
      },
      "work_around": [
        {
          "lang": "eng",
          "value": "To mitigate this issue with a fresh installation of Contrail Cloud version prior to 13.6.0, the following configuration options should be added to the CC site.yml file.\n\n  extra_config:\n      ContrailAnalyticsParameters:\n        ContrailSettings:\n          RABBITMQ_PASSWORD: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027password\u0027] }}\"\n          RABBITMQ_USER: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027user\u0027] }}\"\n      ContrailControllerParameters:\n        ContrailSettings:\n          RABBITMQ_PASSWORD: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027password\u0027] }}\"\n          RABBITMQ_USER: \"{{ vault[\u0027other\u0027][\u0027credentials\u0027][\u0027contrail_rabbit\u0027][\u0027user\u0027] }}\"\n\nPlease contact Juniper Networks Technical Assistance Center (JTAC) for guided assistance if necessary.\n\nUntil a fresh installation or upgrade is possible, to reduce the risk of exploitation utilize common security BCPs to limit the exploitable surface by limiting access to network and device to trusted systems, administrators, networks and hosts. "
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:juniper:contrail_cloud:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2021-0279"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to an administrative service for RabbitMQ (e.g. GUI), can use these hardcoded credentials to cause a Denial of Service (DoS) or have access to unspecified sensitive system information. This issue affects the Juniper Networks Contrail Cloud releases on versions prior to 13.6.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-798"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA11183",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://kb.juniper.net/JSA11183"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 4.2
        }
      },
      "lastModifiedDate": "2021-07-27T18:50Z",
      "publishedDate": "2021-07-15T20:15Z"
    }
  }
}

VAR-202107-0490

Vulnerability from variot - Updated: 2023-12-18 11:43

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0490",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "contrail cloud",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "13.6"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-0279"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:juniper:contrail_cloud:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-0279"
      }
    ]
  },
  "cve": "CVE-2021-0279",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-372181",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2021-0279",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.2,
            "impactScore": 4.2,
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "sirt@juniper.net",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 4.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-0279",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "sirt@juniper.net",
            "id": "CVE-2021-0279",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202107-1053",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-372181",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-0279",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-372181"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-0279"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-0279"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-0279"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-1053"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to an administrative service for RabbitMQ (e.g. GUI), can use these hardcoded credentials to cause a Denial of Service (DoS) or have access to unspecified sensitive system information. This issue affects the Juniper Networks Contrail Cloud releases on versions prior to 13.6.0. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-0279"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-372181"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-0279"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "JUNIPER",
        "id": "JSA11183",
        "trust": 1.8
      },
      {
        "db": "NVD",
        "id": "CVE-2021-0279",
        "trust": 1.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-1053",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2395",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021072013",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-52395",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-372181",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-0279",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-372181"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-0279"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-0279"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-1053"
      }
    ]
  },
  "id": "VAR-202107-0490",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-372181"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:43:58.798000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-798",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-372181"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-0279"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://kb.juniper.net/jsa11183"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2395"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0279"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021072013"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/798.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-372181"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-0279"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-0279"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-1053"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-372181"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-0279"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-0279"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-1053"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-07-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-372181"
      },
      {
        "date": "2021-07-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-0279"
      },
      {
        "date": "2021-07-15T20:15:09.543000",
        "db": "NVD",
        "id": "CVE-2021-0279"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-07-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202107-1053"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-07-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-372181"
      },
      {
        "date": "2021-07-27T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-0279"
      },
      {
        "date": "2021-07-27T18:50:01.900000",
        "db": "NVD",
        "id": "CVE-2021-0279"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202107-1053"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-1053"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Pillow Buffer error vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2021-52395

Vulnerability from cnvd - Published: 2021-07-20

Title

Juniper Networks trail Cloud（CC）存在未明漏洞

Description

Juniper Networks Contrail Cloud是美国瞻博（Juniper Networks）公司的一个完全托管的电信云运行解决方案。 Juniper Networks Contrail Cloud 13.6.0 之前存在安全漏洞，该漏洞源于默认启用 RabbitMQ 服务并使用硬编码凭据。有权访问 RabbitMQ 管理服务（例如 GUI）的攻击者可以使用这些硬编码凭据来导致拒绝服务 (DoS) 或访问未指定的敏感系统信息。

Severity

高

Patch Name

Juniper Networks trail Cloud（CC）存在未明漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11183

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-0279

Impacted products

Name
Juniper Networks Juniper Networks trail Cloud（CC） <13.6.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-0279"
    }
  },
  "description": "Juniper Networks Contrail Cloud\u662f\u7f8e\u56fd\u77bb\u535a\uff08Juniper Networks\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u5b8c\u5168\u6258\u7ba1\u7684\u7535\u4fe1\u4e91\u8fd0\u884c\u89e3\u51b3\u65b9\u6848\u3002\n\nJuniper Networks Contrail Cloud 13.6.0 \u4e4b\u524d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9ed8\u8ba4\u542f\u7528 RabbitMQ \u670d\u52a1\u5e76\u4f7f\u7528\u786c\u7f16\u7801\u51ed\u636e\u3002\u6709\u6743\u8bbf\u95ee RabbitMQ \u7ba1\u7406\u670d\u52a1\uff08\u4f8b\u5982 GUI\uff09\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u4f7f\u7528\u8fd9\u4e9b\u786c\u7f16\u7801\u51ed\u636e\u6765\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1 (DoS) \u6216\u8bbf\u95ee\u672a\u6307\u5b9a\u7684\u654f\u611f\u7cfb\u7edf\u4fe1\u606f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11183",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-52395",
  "openTime": "2021-07-20",
  "patchDescription": "Juniper Networks Contrail Cloud\u662f\u7f8e\u56fd\u77bb\u535a\uff08Juniper Networks\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u5b8c\u5168\u6258\u7ba1\u7684\u7535\u4fe1\u4e91\u8fd0\u884c\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nJuniper Networks Contrail Cloud 13.6.0 \u4e4b\u524d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9ed8\u8ba4\u542f\u7528 RabbitMQ \u670d\u52a1\u5e76\u4f7f\u7528\u786c\u7f16\u7801\u51ed\u636e\u3002\u6709\u6743\u8bbf\u95ee RabbitMQ \u7ba1\u7406\u670d\u52a1\uff08\u4f8b\u5982 GUI\uff09\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u4f7f\u7528\u8fd9\u4e9b\u786c\u7f16\u7801\u51ed\u636e\u6765\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1 (DoS) \u6216\u8bbf\u95ee\u672a\u6307\u5b9a\u7684\u654f\u611f\u7cfb\u7edf\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Juniper Networks trail Cloud\uff08CC\uff09\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Juniper Networks Juniper Networks trail Cloud\uff08CC\uff09 \u003c13.6.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-0279",
  "serverity": "\u9ad8",
  "submitTime": "2021-07-16",
  "title": "Juniper Networks trail Cloud\uff08CC\uff09\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-0279 (GCVE-0-2021-0279)

GHSA-MXP7-4PRX-2V6G

CERTFR-2021-AVI-526

Solution

CERTFR-2021-AVI-526

Solution

FKIE_CVE-2021-0279

GSD-2021-0279

VAR-202107-0490

CNVD-2021-52395

Tags

Sightings

Nomenclature