CVE-2021-0219 — OS Command Injection in Juniper Networks Junos OS
Severity
6.7 MEDIUM (NVD)
EPSS
0.0%
top 89.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 15
Latest update: May 24
Description
A command injection vulnerability in install package validation subsystem of Juniper Networks Junos OS that may allow a locally authenticated attacker with privileges to execute commands with root privilege. To validate a package in Junos before installation, an administrator executes the command 'request system software add validate-on-host' via the CLI. An attacker with access to this CLI command may be able to exploit this vulnerability. This issue affects Juniper Networks Junos OS: all versi…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 | Impact: 5.9
Affected Packages: 2 packages
Vulnerability Details (2)
Vendor Advisories (3)
Oracle: Oracle Retail Applications Risk Matrix: Xenvironment (Apache cordova-plugin-inappbrowser) — CVE-2019-0219 (2021-07-15)
Oracle: Oracle Construction and Engineering Risk Matrix: Browser (Apache Cordova InAppBrowser) — CVE-2019-0219 (2021-04-15)
Juniper: CVE-2021-0219: A command injection vulnerability in install package validation subsystem of Juniper Networks Junos OS that may allow a locally authenticated attacker (2021-01-15)