CVE-2021-0218
published 2021-01-15CVE-2021-0218: A command injection vulnerability in the license-check daemon of Juniper Networks Junos OS that may allow a locally authenticated attacker with low privileges…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
A command injection vulnerability in the license-check daemon of Juniper Networks Junos OS that may allow a locally authenticated attacker with low privileges to execute commands with root privilege. license-check is a daemon used to manage licenses in Junos OS. To update licenses, a user executes the command 'request system license update' via the CLI. An attacker with access to this CLI command may be able to exploit the vulnerability. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S2, 20.2R2.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos_os | — | — |
| juniper_networks | junos_os | >= 17.3 < 17.3R3-S9 | 17.3R3-S9 |
| juniper_networks | junos_os | >= 17.4 < 17.4R2-S12, 17.4R3-S3 | 17.4R2-S12, 17.4R3-S3 |
| juniper_networks | junos_os | >= 18.1 < 18.1R3-S11 | 18.1R3-S11 |
| juniper_networks | junos_os | >= 18.2 < 18.2R3-S6 | 18.2R3-S6 |
| juniper_networks | junos_os | >= 18.3 < 18.3R3-S4 | 18.3R3-S4 |
| juniper_networks | junos_os | >= 18.4 < 18.4R3-S6 | 18.4R3-S6 |
| juniper_networks | junos_os | >= 19.1 < 19.1R1-S6, 19.1R2-S2, 19.1R3-S3 | 19.1R1-S6, 19.1R2-S2, 19.1R3-S3 |
| juniper_networks | junos_os | >= 19.2 < 19.2R3-S1 | 19.2R3-S1 |
| juniper_networks | junos_os | >= 19.3 < 19.3R2-S5, 19.3R3 | 19.3R2-S5, 19.3R3 |
| juniper_networks | junos_os | >= 19.4 < 19.4R2-S2, 19.4R3 | 19.4R2-S2, 19.4R3 |
| juniper_networks | junos_os | >= 20.1 < 20.1R1-S4, 20.1R2 | 20.1R1-S4, 20.1R2 |
| juniper_networks | junos_os | >= 20.2 < 20.2R1-S2, 20.2R2 | 20.2R1-S2, 20.2R2 |
GHSA
GHSA-9678-97g2-v2v3: A command injection vulnerability in the license-check daemon of Juniper Networks Junos OS that may allow a locally authenticated attacker with low pr
ghsa_unreviewed·2022-05-24
CVE-2021-0218 [HIGH] CWE-78 GHSA-9678-97g2-v2v3: A command injection vulnerability in the license-check daemon of Juniper Networks Junos OS that may allow a locally authenticated attacker with low pr
A command injection vulnerability in the license-check daemon of Juniper Networks Junos OS that may allow a locally authenticated attacker with low privileges to execute commands with root privilege. license-check is a daemon used to manage licenses in Junos OS. To update licenses, a user executes the command 'request system license update' via the CLI. An attacker with access to this CLI command may be able to exploit the vulnerability. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R3-S1; 19.3
Juniper
CVE-2021-0218: A command injection vulnerability in the license-check daemon of Juniper Networks Junos OS that may allow a locally authenticated attacker with low pr
vendor_juniper·2021-01-15·CVSS 7.8
CVE-2021-0218 [HIGH] CWE-78 CVE-2021-0218: A command injection vulnerability in the license-check daemon of Juniper Networks Junos OS that may allow a locally authenticated attacker with low pr
CVE-2021-0218: A command injection vulnerability in the license-check daemon of Juniper Networks Junos OS that may allow a locally authenticated attacker with low privileges to execute commands with root privilege. license-check is a daemon used to manage licenses in Junos OS. To update licenses, a user executes the command 'request system license update' via the CLI. An attacker with access to this CLI command may be able to exploit the vulnerability. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 1
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-01-15
Published