CVE-2021-31359 — Stack-based Buffer Overflow in Networks Junos OS

CWE-121 — Stack-based Buffer Overflow CWE-269 — Improper Privilege Management4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 92.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Networks Junos OS Evolved Juniper Junos OS Evolved +1 more

Timeline

PublishedOct 19

Latest updateMay 24

Description

A local privilege escalation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to cause the Juniper DHCP daemon (jdhcpd) process to crash, resulting in a Denial of Service (DoS), or execute arbitrary commands as root. Continued processing of malicious input will repeatedly crash the system and sustain the Denial of Service (DoS) condition. Systems are only vulnerable if jdhcpd is running, which can be confirmed via the 'show system processes' com…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5juniper_networks/junos_os_evolvedunspecified — 20.4R2-S3-EVO+1

▶CVEListV5juniper_networks/junos_os15.1 — 15.1R7-S10+12

▶NVDjuniper/junos_os_evolved20.3+2

▶NVDjuniper/junos13 versions+12

🔴Vulnerability Details

GHSA

GHSA-2m9j-6j4j-wm2c: A local privilege escalation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to cause the Juniper↗2022-05-24

▶

CVEList

Junos OS and Junos OS Evolved: Local Privilege Escalation vulnerability↗2021-10-19

▶

📋Vendor Advisories

Juniper

CVE-2021-31359: A local privilege escalation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to cause the Juniper↗2021-10-19

▶