CVE-2021-0235 — Incorrect Default Permissions in Networks Junos OS

CWE-276 — Incorrect Default Permissions4 documents4 sources

Severity

7.3HIGHNVD

EPSS

0.1%

top 84.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedApr 22

Latest updateMay 24

Description

On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series devices using tenant services on Juniper Networks Junos OS, due to incorrect permission scheme assigned to tenant system administrators, a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider. Further, a tenant may inadvertently receive traffic from ano…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:LExploitability: 1.5 | Impact: 5.3

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os18.3R1 — 18.3*+9

▶NVDjuniper/junos9 versions+8

🔴Vulnerability Details

GHSA

GHSA-3w49-97mp-g27g: On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series devices using tenant services on Juniper Networks Junos OS, due to i↗2022-05-24

▶

CVEList

Junos OS: SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series: In a multi-tenant environment, a tenant host administrator may configure logical firewall isolation affecting↗2021-04-22

▶

📋Vendor Advisories

Juniper

CVE-2021-0235: On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series devices using tenant services on Juniper Networks Junos OS, due to i↗2021-04-22

▶