CVE-2021-0246Incorrect Default Permissions in Networks Junos OS

CWE-276Incorrect Default Permissions5 documents5 sources
Severity
7.3HIGHNVD
EPSS
0.0%
top 88.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedApr 22
Latest updateMay 24

Description

On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, devices using tenant services on Juniper Networks Junos OS, due to incorrect default permissions assigned to tenant system administrators a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider. Further, a tenant may inadvertently receive traffic from another tenant

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:LExploitability: 1.5 | Impact: 5.3

Affected Packages2 packages

CVEListV5juniper_networks/junos_os18.418.4R2+2
NVDjuniper/junos18.3, 18.4, 19.1+2

🔴Vulnerability Details

2
GHSA
GHSA-3qv2-jq3w-6j4x: On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, devices using tenant services on Juniper Networks Junos OS, due to incorrect def2022-05-24
CVEList
Junos OS: SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3: In a multi-tenant environment, a tenant host administrator may be able to jailbreak out of their network impacting other te2021-04-22

📋Vendor Advisories

1
Juniper
CVE-2021-0246: On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, devices using tenant services on Juniper Networks Junos OS, due to incorrect def2021-04-22

💬Community

1
Bugzilla
CVE-2020-25640 wildfly: resource adapter logs plaintext JMS password at warning level on connection error2020-09-22
CVE-2021-0246 — Incorrect Default Permissions | cvebase