CVE-2021-0210Sensitive Information Exposure in Networks Junos OS

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
0.4%
top 38.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedJan 15
Latest updateMay 24

Description

An Information Exposure vulnerability in J-Web of Juniper Networks Junos OS allows an unauthenticated attacker to elevate their privileges over the target system through opportunistic use of an authenticated users session. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S17; 17.3 versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S4;

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:NExploitability: 1.6 | Impact: 5.2

Affected Packages2 packages

CVEListV5juniper_networks/junos_os12.312.3R12-S17+12
NVDjuniper/junos13 versions+12

🔴Vulnerability Details

2
GHSA
GHSA-4gh5-fw3f-vm8m: An Information Exposure vulnerability in J-Web of Juniper Networks Junos OS allows an unauthenticated attacker to elevate their privileges over the ta2022-05-24
CVEList
Junos OS: Privilege escalation in J-Web due to arbitrary command and code execution via information disclosure from another users active session2021-01-15

📋Vendor Advisories

1
Juniper
CVE-2021-0210: An Information Exposure vulnerability in J-Web of Juniper Networks Junos OS allows an unauthenticated attacker to elevate their privileges over the ta2021-01-15
CVE-2021-0210 — Sensitive Information Exposure | cvebase