CVE-2021-0218: OS Command Injection in Juniper Networks Junos OS

Severity: 7.8 HIGH (NVD)
EPSS: 0.3% (top 42.55%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 15; Latest update May 24

Description

A command injection vulnerability in the license-check daemon of Juniper Networks Junos OS that may allow a locally authenticated attacker with low privileges to execute commands with root privilege. license-check is a daemon used to manage licenses in Junos OS. To update licenses, a user executes the command 'request system license update' via the CLI. An attacker with access to this CLI command may be able to exploit the vulnerability. This issue affects Juniper Networks Junos OS: 17.3 version

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: juniper_networks/junos_os, 17.3, 17.3R3-S9, +11
NVD: juniper/junos, 12 versions, +11

Vulnerability Details (2)

GHSA: GHSA-9678-97g2-v2v3: A command injection vulnerability in the license-check daemon of Juniper Networks Junos OS that may allow a locally authenticated attacker with low pr (2022-05-24)
CVEList: Junos OS: Command injection vulnerability in license-check daemon (2021-01-15)

Vendor Advisories (1)

Juniper: CVE-2021-0218: A command injection vulnerability in the license-check daemon of Juniper Networks Junos OS that may allow a locally authenticated attacker with low pr (2021-01-15)