Lucene search
JuniperCVE-2021-0210HistoryJan 15, 2021 - 6:15 p.m.
CVE-2021-0210
2021-01-1518:15:15
CWE-200
juniper
web.nvd.nist.gov
65
5
cve-2021-0210
information exposure
j-web
juniper networks
junos os
vulnerability
unauthenticated attacker
privilege escalation
nvd
security issue
opportunistic use
session hijacking
authentication
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
6.8
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
AI Score
6.5
Confidence
High
EPSS
0.002
Percentile
51.5%
An Information Exposure vulnerability in J-Web of Juniper Networks Junos OS allows an unauthenticated attacker to elevate their privileges over the target system through opportunistic use of an authenticated users session. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S17; 17.3 versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S4; 18.4 versions prior to 18.4R2-S5, 18.4R3-S5; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R1-S5, 19.2R3, 19.2R3-S1; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2.
Affected configurations
Node
juniperjunosMatch12.3-
ORjuniperjunosMatch12.3r1
ORjuniperjunosMatch12.3r10
ORjuniperjunosMatch12.3r10-s1
ORjuniperjunosMatch12.3r10-s2
ORjuniperjunosMatch12.3r11
ORjuniperjunosMatch12.3r12
ORjuniperjunosMatch12.3r12-s1
ORjuniperjunosMatch12.3r12-s11
ORjuniperjunosMatch12.3r12-s12
ORjuniperjunosMatch12.3r12-s13
ORjuniperjunosMatch12.3r12-s14
ORjuniperjunosMatch12.3r12-s15
ORjuniperjunosMatch12.3r12-s16
ORjuniperjunosMatch12.3r12-s3
ORjuniperjunosMatch12.3r12-s4
ORjuniperjunosMatch12.3r12-s6
ORjuniperjunosMatch12.3r12-s8
ORjuniperjunosMatch17.3-
ORjuniperjunosMatch17.3r1-s1
ORjuniperjunosMatch17.3r2
ORjuniperjunosMatch17.3r2-s1
ORjuniperjunosMatch17.3r2-s2
ORjuniperjunosMatch17.3r2-s3
ORjuniperjunosMatch17.3r2-s4
ORjuniperjunosMatch17.3r2-s5
ORjuniperjunosMatch17.3r3-
ORjuniperjunosMatch17.3r3-s1
ORjuniperjunosMatch17.3r3-s2
ORjuniperjunosMatch17.3r3-s3
ORjuniperjunosMatch17.3r3-s4
ORjuniperjunosMatch17.3r3-s7
ORjuniperjunosMatch17.3r3-s8
ORjuniperjunosMatch17.3r3-s9
ORjuniperjunosMatch17.4-
ORjuniperjunosMatch17.4r1
ORjuniperjunosMatch17.4r1-s1
ORjuniperjunosMatch17.4r1-s2
ORjuniperjunosMatch17.4r1-s4
ORjuniperjunosMatch17.4r1-s5
ORjuniperjunosMatch17.4r1-s6
ORjuniperjunosMatch17.4r1-s7
ORjuniperjunosMatch17.4r2
ORjuniperjunosMatch17.4r2-s1
ORjuniperjunosMatch17.4r2-s10
ORjuniperjunosMatch17.4r2-s11
ORjuniperjunosMatch17.4r2-s2
ORjuniperjunosMatch17.4r2-s3
ORjuniperjunosMatch17.4r2-s4
ORjuniperjunosMatch17.4r2-s5
ORjuniperjunosMatch17.4r2-s6
ORjuniperjunosMatch17.4r2-s7
ORjuniperjunosMatch17.4r2-s8
ORjuniperjunosMatch17.4r2-s9
ORjuniperjunosMatch17.4r3
ORjuniperjunosMatch17.4r3-s1
ORjuniperjunosMatch17.4r3-s2
ORjuniperjunosMatch18.1-
ORjuniperjunosMatch18.1r1
ORjuniperjunosMatch18.1r2
ORjuniperjunosMatch18.1r2-s1
ORjuniperjunosMatch18.1r2-s2
ORjuniperjunosMatch18.1r2-s4
ORjuniperjunosMatch18.1r3
ORjuniperjunosMatch18.1r3-s1
ORjuniperjunosMatch18.1r3-s10
ORjuniperjunosMatch18.1r3-s2
ORjuniperjunosMatch18.1r3-s3
ORjuniperjunosMatch18.1r3-s4
ORjuniperjunosMatch18.1r3-s6
ORjuniperjunosMatch18.1r3-s7
ORjuniperjunosMatch18.1r3-s8
ORjuniperjunosMatch18.1r3-s9
ORjuniperjunosMatch18.2-
ORjuniperjunosMatch18.2r1
ORjuniperjunosMatch18.2r1-
ORjuniperjunosMatch18.2r1-s3
ORjuniperjunosMatch18.2r1-s4
ORjuniperjunosMatch18.2r1-s5
ORjuniperjunosMatch18.2r2
ORjuniperjunosMatch18.2r2-s1
ORjuniperjunosMatch18.2r2-s2
ORjuniperjunosMatch18.2r2-s3
ORjuniperjunosMatch18.2r2-s4
ORjuniperjunosMatch18.2r2-s5
ORjuniperjunosMatch18.2r2-s6
ORjuniperjunosMatch18.2r3
ORjuniperjunosMatch18.2r3-s1
ORjuniperjunosMatch18.2r3-s2
ORjuniperjunosMatch18.2r3-s3
ORjuniperjunosMatch18.2r3-s4
ORjuniperjunosMatch18.2r3-s5
ORjuniperjunosMatch18.3-
ORjuniperjunosMatch18.3r1
ORjuniperjunosMatch18.3r1-s1
ORjuniperjunosMatch18.3r1-s2
ORjuniperjunosMatch18.3r1-s3
ORjuniperjunosMatch18.3r1-s5
ORjuniperjunosMatch18.3r1-s6
ORjuniperjunosMatch18.3r2
ORjuniperjunosMatch18.3r2-s1
ORjuniperjunosMatch18.3r2-s2
ORjuniperjunosMatch18.3r2-s3
ORjuniperjunosMatch18.3r3
ORjuniperjunosMatch18.3r3-s1
ORjuniperjunosMatch18.3r3-s2
ORjuniperjunosMatch18.3r3-s3
ORjuniperjunosMatch18.4-
ORjuniperjunosMatch18.4r1
ORjuniperjunosMatch18.4r1-s1
ORjuniperjunosMatch18.4r1-s2
ORjuniperjunosMatch18.4r1-s5
ORjuniperjunosMatch18.4r1-s6
ORjuniperjunosMatch18.4r2
ORjuniperjunosMatch18.4r2-s1
ORjuniperjunosMatch18.4r2-s2
ORjuniperjunosMatch18.4r2-s3
ORjuniperjunosMatch18.4r2-s4
ORjuniperjunosMatch18.4r3
ORjuniperjunosMatch18.4r3-s1
ORjuniperjunosMatch18.4r3-s2
ORjuniperjunosMatch18.4r3-s3
ORjuniperjunosMatch18.4r3-s4
ORjuniperjunosMatch19.1-
ORjuniperjunosMatch19.1r1
ORjuniperjunosMatch19.1r1-s1
ORjuniperjunosMatch19.1r1-s2
ORjuniperjunosMatch19.1r1-s3
ORjuniperjunosMatch19.1r1-s4
ORjuniperjunosMatch19.1r1-s5
ORjuniperjunosMatch19.1r2
ORjuniperjunosMatch19.1r2-s1
ORjuniperjunosMatch19.1r3
ORjuniperjunosMatch19.1r3-s1
ORjuniperjunosMatch19.1r3-s2
ORjuniperjunosMatch19.2-
ORjuniperjunosMatch19.2r1
ORjuniperjunosMatch19.2r1-s1
ORjuniperjunosMatch19.2r1-s2
ORjuniperjunosMatch19.2r1-s3
ORjuniperjunosMatch19.2r1-s4
ORjuniperjunosMatch19.3-
ORjuniperjunosMatch19.3r1
ORjuniperjunosMatch19.3r1-s1
ORjuniperjunosMatch19.3r2
ORjuniperjunosMatch19.3r2-s1
ORjuniperjunosMatch19.3r2-s2
ORjuniperjunosMatch19.3r2-s3
ORjuniperjunosMatch19.4r1
ORjuniperjunosMatch19.4r1-s1
ORjuniperjunosMatch19.4r1-s2
ORjuniperjunosMatch19.4r2
ORjuniperjunosMatch19.4r2-s1
ORjuniperjunosMatch20.1r1
ORjuniperjunosMatch20.1r1-s1
ORjuniperjunosMatch20.1r1-s2
ORjuniperjunosMatch20.1r1-s3
ORjuniperjunosMatch20.2r1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:-:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r1:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r10:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r10-s1:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r10-s2:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r11:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r12:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r12-s1:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r12-s11:*:*:*:*:*:* |
| juniper | junos | 12.3 | cpe:2.3:o:juniper:junos:12.3:r12-s12:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "12.3R12-S17",
"status": "affected",
"version": "12.3",
"versionType": "custom"
},
{
"lessThan": "17.3R3-S10",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S12, 17.4R3-S3",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S11",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R3-S6",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R2-S4, 18.3R3-S4",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R2-S5, 18.4R3-S5",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R1-S6, 19.1R2-S2, 19.1R3-S3",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S5, 19.2R3, 19.2R3-S1",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S4, 19.3R3",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R1-S3, 19.4R2-S2, 19.4R3",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R1-S4, 20.1R2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R1-S1, 20.2R2",
"status": "affected",
"version": "20.2",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
cvelist
cvelist
nessus
nessus
Juniper Junos OS Privilege Escalation in J-Web (JSA11100)
2021-02-04 00:00:00
nvd
nvd
CVE-2021-0210
2021-01-15 18:15:15
prion
prion
Information disclosure
2021-01-15 18:15:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
6.8
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
AI Score
6.5
Confidence
High
EPSS
0.002
Percentile
51.5%
Related for CVE-2021-0210