CVE-2021-31358 — Command Injection in Networks Junos OS Evolved

CWE-77 — Command Injection CWE-78 — OS Command Injection4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 55.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Evolved Juniper Junos OS Evolved

Timeline

PublishedOct 19

Latest updateMay 24

Description

A command injection vulnerability in sftp command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an attacker to bypass command authorization restrictions assigned to their specific user account and execute commands that are available to the privilege level for which the user is assigned. For examp…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os_evolvedunspecified — 20.4R2-S2-EVO+2

▶NVDjuniper/junos_os_evolved20.3+3

🔴Vulnerability Details

GHSA

GHSA-qp62-jp68-8rx4: A command injection vulnerability in sftp command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to↗2022-05-24

▶

CVEList

Junos OS Evolved: shell-injection vulnerabilities in evo_sftp UI wrapper script↗2021-10-19

▶

📋Vendor Advisories

Juniper

CVE-2021-31358: A command injection vulnerability in sftp command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to↗2021-10-19

▶