CVE-2021-0253: Command Injection in Networks Junos OS

CWE-77: Command Injection | 4 documents | 4 sources
Severity: 7.8 HIGH (NVD)
EPSS: 0.4% (top 36.84%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 22 | Latest update May 24

Description

NFX Series devices using Juniper Networks Junos OS are susceptible to a local command execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon (JDMD) process. This issue affects Juniper Networks Junos OS on NFX Series 17.2 version 17.2R1 and later versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S5, 18.4R3-S5; 19.1 versions prior to 19.1R1-S3; 19.2 version 19.1R2 and later versions prior to 19.2R3; 19.3 versions prior to 19

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | juniper_networks/junos_os | unspecified | 18.3R3-S4 | +6
NVD | juniper/junos | 11 versions | +10

🔴 Vulnerability Details (2)

GHSA | GHSA-8mfm-9h94-j57q: NFX Series devices using Juniper Networks Junos OS are susceptible to a local command execution vulnerability thereby allowing an attacker to elevate | 2022-05-24
CVEList | Junos OS: NFX Series: Local Command Execution Vulnerability in JDMD Leads to Privilege Escalation | 2021-04-22

📋 Vendor Advisories (1)

Juniper | CVE-2021-0253: NFX Series devices using Juniper Networks Junos OS are susceptible to a local command execution vulnerability thereby allowing an attacker to elevate | 2021-04-22