SB2025050123 - Junos Space Security Director update for third-party components

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025050123

SB2025050123 - Junos Space Security Director update for third-party components

Published: May 1, 2025

Security Bulletin ID SB2025050123
Severity
Medium
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 17% Low 83%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Improper access control (CVE-ID: CVE-2019-7611)

The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.

The vulnerability exists due to improper access restrictions when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used, which means that elasticsearch.yml file has xpack.security.dls_fls.enabled set to false. A remote authenticated attacker can make API calls to the _aliases, _shrink, or _split endpoints and make existing data available under a new index/alias name.


2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-7020)

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to search queries do not properly preserve security permissions when executing certain complex queries. A remote attacker can disclose protected documents when Document or Field Level Security is used.


3) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2020-7021)

The vulnerability allows a remote administrator to gain access to sensitive information.

The vulnerability exists due to software stores sensitive information into log files, when audit logging and the emit_request_body option is enabled. The Elasticsearch administrator can view the audit log and obtain password hashes or authentication tokens in clear text.


4) Security restrictions bypass (CVE-ID: CVE-2021-22135)

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. A remote user can perform certain queries to enable the profiler and suggester on index and disclose existence of documents and fields.


5) Improper Preservation of Permissions (CVE-ID: CVE-2021-22137)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to search queries do not properly preserve security permissions when executing certain cross-cluster search queries. A remote user can disclose existence of documents via search functionality, when Document or Field Level Security is used.


6) Resource exhaustion (CVE-ID: CVE-2021-22144)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an uncontrolled recursion issue in the Elasticsearch Grok parser. A remote authenticated attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References