CVE-2021-0204
Published 2021-01-15
High · 7.8 · CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
A sensitive information disclosure vulnerability in delta-export configuration utility (dexp) of Juniper Networks Junos OS may allow a locally authenticated shell user the ability to create and read database files generated by the dexp utility, including password hashes of local users. Since dexp is shipped with setuid permissions enabled and is owned by the root user, this vulnerability may allow a local privileged user the ability to run dexp with root privileges and access sensitive information in the dexp database. This issue affects Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S8; 15.1X49 versions prior to 15.1X49-D230; 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.2X75 versions prior to 18.2X75-D34; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R1-S5, 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3-S1; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3-S1; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S2, 20.2R2.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| juniper | junos | — | — |
| juniper | junos_os | — | — |
| juniper_networks | junos_os | >= 15.1 < 15.1R7-S8 | 15.1R7-S8 |
| juniper_networks | junos_os | >= 15.1X49 < 15.1X49-D230 | 15.1X49-D230 |
| juniper_networks | junos_os | >= 17.3 < 17.3R3-S9 | 17.3R3-S9 |
| juniper_networks | junos_os | >= 17.4 < 17.4R2-S12, 17.4R3-S3 | 17.4R2-S12, 17.4R3-S3 |
| juniper_networks | junos_os | >= 18.1 < 18.1R3-S11 | 18.1R3-S11 |
| juniper_networks | junos_os | >= 18.2 < 18.2R3-S6 | 18.2R3-S6 |
| juniper_networks | junos_os | >= 18.2X75 < 18.2X75-D34 | 18.2X75-D34 |
| juniper_networks | junos_os | >= 18.3 < 18.3R3-S4 | 18.3R3-S4 |
| juniper_networks | junos_os | >= 18.4 < 18.4R2-S7, 18.4R3-S6 | 18.4R2-S7, 18.4R3-S6 |
| juniper_networks | junos_os | >= 19.1 < 19.1R1-S6, 19.1R2-S2, 19.1R3-S3 | 19.1R1-S6, 19.1R2-S2, 19.1R3-S3 |
| juniper_networks | junos_os | >= 19.2 < 19.2R1-S5, 19.2R3-S1 | 19.2R1-S5, 19.2R3-S1 |
GHSA
GHSA-fm24-2jhw-cp33
ghsa_unreviewed · 2022-05-24
CVE-2021-0204 [HIGH] CWE-200
Juniper
vendor_juniper · 2021-01-15 · CVSS 7.8
CVE-2021-0204 [HIGH] CWE-250
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.