CVE-2021-31372Improper Input Validation in Networks Junos OS

CWE-20Improper Input Validation4 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.5%
top 33.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedOct 19
Latest updateMay 24

Description

An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated J-Web attacker to escalate their privileges to root over the target device. This issue affects: Juniper Networks Junos OS All versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5juniper_networks/junos_osunspecified18.3R3-S5+11
NVDjuniper/junos18.2+12

🔴Vulnerability Details

2
GHSA
GHSA-86jj-q96q-44q7: An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated J-Web attacker to escalate their privi2022-05-24
CVEList
Junos OS: J-Web allows a locally authenticated attacker to escalate their privileges to root.2021-10-19

📋Vendor Advisories

1
Juniper
CVE-2021-31372: An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated J-Web attacker to escalate their privi2021-10-19
CVE-2021-31372 — Improper Input Validation | cvebase