Lucene search

JuniperCVE-2021-0256

HistoryApr 22, 2021 - 8:15 p.m.

CVE-2021-0256

2021-04-2220:15:09

CWE-269

CWE-250

juniper

web.nvd.nist.gov

cve-2021-0256

juniper networks

junos os

mosquitto

information disclosure

vulnerability

security

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

Percentile

5.1%

JSON

A sensitive information disclosure vulnerability in the mosquitto message broker of Juniper Networks Junos OS may allow a locally authenticated user with shell access the ability to read portions of sensitive files, such as the master.passwd file. Since mosquitto is shipped with setuid permissions enabled and is owned by the root user, this vulnerability may allow a local privileged user the ability to run mosquitto with root privileges and access sensitive information stored on the local filesystem. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S12, 17.4 versions prior to 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.3 versions prior to 18.3R3-S4; 19.1 versions prior to 19.1R3-S4; 19.3 versions prior to 19.3R3-S1, 19.3R3-S2; 19.4 versions prior to 19.4R2-S3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S3, 20.2R2, 20.2R3.

Affected configurations

Nvd

Node

juniperjunosMatch17.3-

juniperjunosMatch17.3r1

juniperjunosMatch17.3r1-s1

juniperjunosMatch17.3r1-s4

juniperjunosMatch17.3r2

juniperjunosMatch17.3r2-s1

juniperjunosMatch17.3r2-s2

juniperjunosMatch17.3r2-s3

juniperjunosMatch17.3r2-s4

juniperjunosMatch17.3r2-s5

juniperjunosMatch17.3r3

juniperjunosMatch17.3r3-

juniperjunosMatch17.3r3-s1

juniperjunosMatch17.3r3-s10

juniperjunosMatch17.3r3-s11

juniperjunosMatch17.3r3-s2

juniperjunosMatch17.3r3-s3

juniperjunosMatch17.3r3-s4

juniperjunosMatch17.3r3-s5

juniperjunosMatch17.3r3-s6

juniperjunosMatch17.3r3-s7

juniperjunosMatch17.3r3-s8

juniperjunosMatch17.3r3-s9

juniperjunosMatch17.4-

juniperjunosMatch17.4r1

juniperjunosMatch17.4r1-s1

juniperjunosMatch17.4r1-s2

juniperjunosMatch17.4r1-s3

juniperjunosMatch17.4r1-s4

juniperjunosMatch17.4r1-s5

juniperjunosMatch17.4r1-s6

juniperjunosMatch17.4r1-s7

juniperjunosMatch17.4r2

juniperjunosMatch17.4r2-s1

juniperjunosMatch17.4r2-s10

juniperjunosMatch17.4r2-s11

juniperjunosMatch17.4r2-s12

juniperjunosMatch17.4r2-s2

juniperjunosMatch17.4r2-s3

juniperjunosMatch17.4r2-s4

juniperjunosMatch17.4r2-s5

juniperjunosMatch17.4r2-s6

juniperjunosMatch17.4r2-s7

juniperjunosMatch17.4r2-s8

juniperjunosMatch17.4r2-s9

juniperjunosMatch17.4r3

juniperjunosMatch17.4r3-s1

juniperjunosMatch17.4r3-s2

juniperjunosMatch17.4r3-s3

juniperjunosMatch18.1-

juniperjunosMatch18.1r1

juniperjunosMatch18.1r2

juniperjunosMatch18.1r2-s1

juniperjunosMatch18.1r2-s2

juniperjunosMatch18.1r2-s4

juniperjunosMatch18.1r3

juniperjunosMatch18.1r3-s1

juniperjunosMatch18.1r3-s10

juniperjunosMatch18.1r3-s11

juniperjunosMatch18.1r3-s2

juniperjunosMatch18.1r3-s3

juniperjunosMatch18.1r3-s4

juniperjunosMatch18.1r3-s5

juniperjunosMatch18.1r3-s6

juniperjunosMatch18.1r3-s7

juniperjunosMatch18.1r3-s8

juniperjunosMatch18.1r3-s9

juniperjunosMatch18.2-

juniperjunosMatch18.2r1

juniperjunosMatch18.2r1-s2

juniperjunosMatch18.2r1-s3

juniperjunosMatch18.2r1-s4

juniperjunosMatch18.2r1-s5

juniperjunosMatch18.2r2

juniperjunosMatch18.2r2-s1

juniperjunosMatch18.2r2-s2

juniperjunosMatch18.2r2-s3

juniperjunosMatch18.2r2-s4

juniperjunosMatch18.2r2-s5

juniperjunosMatch18.2r2-s6

juniperjunosMatch18.2r2-s7

juniperjunosMatch18.2r3

juniperjunosMatch18.2r3-s1

juniperjunosMatch18.2r3-s2

juniperjunosMatch18.2r3-s3

juniperjunosMatch18.2r3-s4

juniperjunosMatch18.2r3-s5

juniperjunosMatch18.2r3-s6

juniperjunosMatch18.3-

juniperjunosMatch18.3r1

juniperjunosMatch18.3r1-s1

juniperjunosMatch18.3r1-s2

juniperjunosMatch18.3r1-s3

juniperjunosMatch18.3r1-s4

juniperjunosMatch18.3r1-s5

juniperjunosMatch18.3r1-s6

juniperjunosMatch18.3r2

juniperjunosMatch18.3r2-s1

juniperjunosMatch18.3r2-s2

juniperjunosMatch18.3r2-s3

juniperjunosMatch18.3r2-s4

juniperjunosMatch18.3r3

juniperjunosMatch18.3r3-s1

juniperjunosMatch18.3r3-s2

juniperjunosMatch18.3r3-s3

juniperjunosMatch18.4-

juniperjunosMatch18.4r1

juniperjunosMatch18.4r1-s1

juniperjunosMatch18.4r1-s2

juniperjunosMatch18.4r1-s3

juniperjunosMatch18.4r1-s4

juniperjunosMatch18.4r1-s5

juniperjunosMatch18.4r1-s6

juniperjunosMatch18.4r1-s7

juniperjunosMatch18.4r2

juniperjunosMatch18.4r2-s1

juniperjunosMatch18.4r2-s2

juniperjunosMatch18.4r2-s3

juniperjunosMatch18.4r2-s4

juniperjunosMatch18.4r2-s5

juniperjunosMatch18.4r2-s6

juniperjunosMatch18.4r3

juniperjunosMatch18.4r3-s1

juniperjunosMatch18.4r3-s2

juniperjunosMatch18.4r3-s3

juniperjunosMatch18.4r3-s4

juniperjunosMatch18.4r3-s5

juniperjunosMatch18.4r3-s6

juniperjunosMatch19.1-

juniperjunosMatch19.1r1

juniperjunosMatch19.1r1-s1

juniperjunosMatch19.1r1-s2

juniperjunosMatch19.1r1-s3

juniperjunosMatch19.1r1-s4

juniperjunosMatch19.1r1-s5

juniperjunosMatch19.1r2

juniperjunosMatch19.1r2-s1

juniperjunosMatch19.1r3

juniperjunosMatch19.1r3-s1

juniperjunosMatch19.1r3-s2

juniperjunosMatch19.1r3-s3

juniperjunosMatch19.2-

juniperjunosMatch19.2r1

juniperjunosMatch19.2r1-s1

juniperjunosMatch19.2r1-s2

juniperjunosMatch19.2r1-s3

juniperjunosMatch19.2r1-s4

juniperjunosMatch19.2r1-s5

juniperjunosMatch19.2r2

juniperjunosMatch19.2r2-s1

juniperjunosMatch19.2r3

juniperjunosMatch19.2r3-s1

juniperjunosMatch19.3-

juniperjunosMatch19.3r1

juniperjunosMatch19.3r1-s1

juniperjunosMatch19.3r2

juniperjunosMatch19.3r2-s1

juniperjunosMatch19.3r2-s2

juniperjunosMatch19.3r2-s3

juniperjunosMatch19.3r2-s4

juniperjunosMatch19.3r2-s5

juniperjunosMatch19.3r3

juniperjunosMatch19.4r1

juniperjunosMatch19.4r1-s1

juniperjunosMatch19.4r1-s2

juniperjunosMatch19.4r2

juniperjunosMatch19.4r2-s1

juniperjunosMatch19.4r2-s2

juniperjunosMatch19.4r3

juniperjunosMatch19.4r3-s1

juniperjunosMatch20.1r1

juniperjunosMatch20.1r1-s1

juniperjunosMatch20.1r1-s2

juniperjunosMatch20.1r1-s3

juniperjunosMatch20.1r1-s4

juniperjunosMatch20.2r1

juniperjunosMatch20.2r1-s1

juniperjunosMatch20.2r1-s2

juniperjunosMatch20.2r1-s3

juniperjunosMatch20.2r2

juniperjunosMatch20.3r1

juniperjunosMatch20.4r1

juniperjunosMatch20.4r1-s1

VendorProductVersionCPE
juniperjunos17.3cpe:2.3:o:juniper:junos:17.3:-:*:*:*:*:*:*
juniperjunos17.3cpe:2.3:o:juniper:junos:17.3:r1:*:*:*:*:*:*
juniperjunos17.3cpe:2.3:o:juniper:junos:17.3:r1-s1:*:*:*:*:*:*
juniperjunos17.3cpe:2.3:o:juniper:junos:17.3:r1-s4:*:*:*:*:*:*
juniperjunos17.3cpe:2.3:o:juniper:junos:17.3:r2:*:*:*:*:*:*
juniperjunos17.3cpe:2.3:o:juniper:junos:17.3:r2-s1:*:*:*:*:*:*
juniperjunos17.3cpe:2.3:o:juniper:junos:17.3:r2-s2:*:*:*:*:*:*
juniperjunos17.3cpe:2.3:o:juniper:junos:17.3:r2-s3:*:*:*:*:*:*
juniperjunos17.3cpe:2.3:o:juniper:junos:17.3:r2-s4:*:*:*:*:*:*
juniperjunos17.3cpe:2.3:o:juniper:junos:17.3:r2-s5:*:*:*:*:*:*

Vendor	Product	Version	CPE
juniper	junos	17.3	cpe:2.3:o:juniper:junos:17.3:-::::::
juniper	junos	17.3	cpe:2.3:o:juniper:junos:17.3:r1::::::
juniper	junos	17.3	cpe:2.3:o:juniper:junos:17.3:r1-s1::::::
juniper	junos	17.3	cpe:2.3:o:juniper:junos:17.3:r1-s4::::::
juniper	junos	17.3	cpe:2.3:o:juniper:junos:17.3:r2::::::
juniper	junos	17.3	cpe:2.3:o:juniper:junos:17.3:r2-s1::::::
juniper	junos	17.3	cpe:2.3:o:juniper:junos:17.3:r2-s2::::::
juniper	junos	17.3	cpe:2.3:o:juniper:junos:17.3:r2-s3::::::
juniper	junos	17.3	cpe:2.3:o:juniper:junos:17.3:r2-s4::::::
juniper	junos	17.3	cpe:2.3:o:juniper:junos:17.3:r2-s5::::::

Rows per page:

1-10 of 1831

CNA Affected

[
  {
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "17.3R3-S12",
        "status": "affected",
        "version": "17.3",
        "versionType": "custom"
      },
      {
        "lessThan": "17.4R3-S4",
        "status": "affected",
        "version": "17.4",
        "versionType": "custom"
      },
      {
        "lessThan": "18.1R3-S12",
        "status": "affected",
        "version": "18.1",
        "versionType": "custom"
      },
      {
        "lessThan": "18.3R3-S4",
        "status": "affected",
        "version": "18.3",
        "versionType": "custom"
      },
      {
        "lessThan": "19.1R3-S4",
        "status": "affected",
        "version": "19.1",
        "versionType": "custom"
      },
      {
        "lessThan": "19.3R3-S1, 19.3R3-S2",
        "status": "affected",
        "version": "19.3",
        "versionType": "custom"
      },
      {
        "lessThan": "19.4R2-S3",
        "status": "affected",
        "version": "19.4",
        "versionType": "custom"
      },
      {
        "lessThan": "20.1R2",
        "status": "affected",
        "version": "20.1",
        "versionType": "custom"
      },
      {
        "lessThan": "20.2R1-S3, 20.2R2, 20.2R3",
        "status": "affected",
        "version": "20.2",
        "versionType": "custom"
      }
    ]
  }
]

References

kb.juniper.net/JSA11175

Social References

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2021-0256