CVE-2021-31356 — Command Injection in Networks Junos OS Evolved

CWE-77 — Command Injection CWE-78 — OS Command Injection4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 72.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Evolved Juniper Junos OS Evolved

Timeline

PublishedOct 19

Latest updateMay 24

Description

A command injection vulnerability in command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an attacker to bypass command authorization restrictions assigned to their specific user account and execute commands that are available to the privilege level for which the user is assigned. For example, a…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os_evolvedunspecified — 20.4R3-S1-EVO+2

▶NVDjuniper/junos_os_evolved20.3+3

🔴Vulnerability Details

GHSA

GHSA-fr6c-hwr9-4gr5: A command injection vulnerability in command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be ab↗2022-05-24

▶

CVEList

Junos OS Evolved: Multiple shell-injection vulnerabilities in EVO UI wrapper scripts↗2021-10-19

▶

📋Vendor Advisories

Juniper

CVE-2021-31356: A command injection vulnerability in command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be ab↗2021-10-19

▶