SB2021101808 - Multiple vulnerabilities in Juniper Networks Junos OS and Junos OS Evolved

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021101808

SB2021101808 - Multiple vulnerabilities in Juniper Networks Junos OS and Junos OS Evolved

Published: October 18, 2021

Security Bulletin ID SB2021101808
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 vulnerabilities.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-31359)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in the Juniper DHCP daemon (jdhcpd) process, which leads to security restrictions bypass and privilege escalation.


2) Improper Privilege Management (CVE-ID: CVE-2021-31360)

CWE-ID: CWE-269 - Improper Privilege Management

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper privilege management. A local user can escalate privileges.


Remediation

Install update from vendor's website.

References