CVE-2021-0252 — Command Injection in Networks Junos OS

CWE-77 — Command Injection4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 62.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedApr 22

Latest updateMay 24

Description

NFX Series devices using Juniper Networks Junos OS are susceptible to a local code execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon (JDMD) process. This issue affects Juniper Networks Junos OS on NFX Series: 18.1 version 18.1R1 and later versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os18.1R1 — 18.1*+5

▶NVDjuniper/junos6 versions+5

🔴Vulnerability Details

GHSA

GHSA-wrfm-cj7g-8822: NFX Series devices using Juniper Networks Junos OS are susceptible to a local code execution vulnerability thereby allowing an attacker to elevate the↗2022-05-24

▶

CVEList

Junos OS: NFX Series: Local Code Execution Vulnerability in JDMD Leads to Privilege Escalation↗2021-04-22

▶

📋Vendor Advisories

Juniper

CVE-2021-0252: NFX Series devices using Juniper Networks Junos OS are susceptible to a local code execution vulnerability thereby allowing an attacker to elevate the↗2021-04-22

▶