CVSS: 5.5EPSS: 0%CPEs: 183EXPL: 0CVE-2021-0256 – Junos OS: mosquitto Local Privilege Escalation vulnerability in SUID binaries
https://notcve.org/view.php?id=CVE-2021-0256
A sensitive information disclosure vulnerability in the mosquitto message broker of Juniper Networks Junos OS may allow a locally authenticated user with shell access the ability to read portions of sensitive files, such as the master.passwd file. Since mosquitto is shipped with setuid permissions enabled and is owned by the root user, this vulnerability may allow a local privileged user the ability to run mosquitto with root privileges and access sensitive information stored on the local filesystem. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S12, 17.4 versions prior to 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.3 versions prior to 18.3R3-S4; 19.1 versions prior to 19.1R3-S4; 19.3 versions prior to 19.3R3-S1, 19.3R3-S2; 19.4 versions prior to 19.4R2-S3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S3, 20.2R2, 20.2R3. Una vulnerabilidad de divulgación de información confidencial en el broker de mensajes mosquitto de Juniper Networks Junos OS, puede permitir a un usuario autenticado localmente con acceso de shell la habilidad de leer partes de archivos confidenciales, tal y como el archivo master.passwd. Desde que mosquitto es enviado con permisos setuid habilitados y es propiedad del usuario root, esta vulnerabilidad puede permitir a un usuario privilegiado local la habilidad ejecutar mosquitto con privilegios de root y acceder a información confidencial almacenada en el sistema de archivos local. • https://kb.juniper.net/JSA11175 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 183EXPL: 0CVE-2021-0255 – Junos OS: ethtraceroute Local Privilege Escalation vulnerability in SUID binaries
https://notcve.org/view.php?id=CVE-2021-0255
A local privilege escalation vulnerability in ethtraceroute of Juniper Networks Junos OS may allow a locally authenticated user with shell access to escalate privileges and write to the local filesystem as root. ethtraceroute is shipped with setuid permissions enabled and is owned by the root user, allowing local users to run ethtraceroute with root privileges. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D240; 17.3 versions prior to 17.3R3-S11, 17.4 versions prior to 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S7; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S1. Una vulnerabilidad de escalada de privilegios local en ethtraceroute de Juniper Networks Junos OS, puede permitir a un usuario autenticado localmente con acceso de shell escalar privilegios y escribir en el sistema de archivos local como root. ethtraceroute es enviado con los permisos setuid habilitados y es propiedad del usuario root, permitiendo a usuarios locales locales ejecutar ethtraceroute con privilegios de root. Este problema afecta a Junos de Juniper Networks OS: versiones 15.1X49 anteriores a 15.1X49-D240; Versiones 17.3 anteriores a 17.3R3-S11, versiones 17.4 anteriores a 17.4R3-S4; versiones 18.1 anteriores a 18.1R3-S12; versiones 18.2 anteriores a 18.2R3-S7; versiones 18.3 anteriores a 18.3R3-S4; versiones 18.4 anteriores a 18.4R2-S7; versiones 19.1 anteriores a 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; versiones 19.3 anteriores a 19.3R3-S2; versiones 19.4 anteriores a 19.4R3-S1; versiones 20.1 anteriores a 20.1R2, 20.1R3; versiones 20.2 anteriores a 20.2R2-S1, 20.2R3 • https://kb.juniper.net/JSA11175 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 235EXPL: 0CVE-2021-0254 – Junos OS: Remote code execution vulnerability in overlayd service
https://notcve.org/view.php?id=CVE-2021-0254
A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send specially crafted packets to the device, triggering a partial Denial of Service (DoS) condition, or leading to remote code execution (RCE). Continued receipt and processing of these packets will sustain the partial DoS. The overlayd daemon handles Overlay OAM packets, such as ping and traceroute, sent to the overlay. The service runs as root by default and listens for UDP connections on port 4789. This issue results from improper buffer size validation, which can lead to a buffer overflow. • https://kb.juniper.net/JSA11147 • CWE-131: Incorrect Calculation of Buffer Size CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 169EXPL: 1CVE-2021-0253 – Junos OS: NFX Series: Local Command Execution Vulnerability in JDMD Leads to Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-0253
NFX Series devices using Juniper Networks Junos OS are susceptible to a local command execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon (JDMD) process. This issue affects Juniper Networks Junos OS on NFX Series 17.2 version 17.2R1 and later versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S5, 18.4R3-S5; 19.1 versions prior to 19.1R1-S3; 19.2 version 19.1R2 and later versions prior to 19.2R3; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2-S2. 19.4 versions 19.4R3 and above. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R1. This issue does not affect the JDMD as used by Junos Node Slicing such as External Servers use in conjunction with Junos Node Slicing and In-Chassis Junos Node Slicing on MX480, MX960, MX2008, MX2010, MX2020. Los dispositivos de la serie NFX que utilizan Juniper Networks Junos OS son susceptibles a una vulnerabilidad de ejecución de comandos locales, permitiendo a un atacante elevar sus privilegios por medio del proceso Junos Device Management Daemon (JDMD). • https://github.com/orangecertcc/security-research/security/advisories/GHSA-vrf9-cjcp-rwcr https://kb.juniper.net/JSA11146 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 83EXPL: 1CVE-2021-0252 – Junos OS: NFX Series: Local Code Execution Vulnerability in JDMD Leads to Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-0252
NFX Series devices using Juniper Networks Junos OS are susceptible to a local code execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon (JDMD) process. This issue affects Juniper Networks Junos OS on NFX Series: 18.1 version 18.1R1 and later versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S5, 19.2R2. This issue does not affect: Juniper Networks Junos OS versions prior to 18.1R1. This issue does not affect the JDMD as used by Junos Node Slicing such as External Servers use in conjunction with Junos Node Slicing and In-Chassis Junos Node Slicing on MX480, MX960, MX2008, MX2010, MX2020. Los dispositivos de la Serie NFX que utilizan Juniper Networks Junos OS son susceptibles a una vulnerabilidad de ejecución de código local, permitiendo a un atacante elevar sus privilegios mediante el proceso Junos Device Management Daemon (JDMD). • https://github.com/orangecertcc/security-research/security/advisories/GHSA-gr7j-26pv-5v57 https://kb.juniper.net/JSA11145 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •