CVE-2021-0278
Junos OS: J-Web allows a locally authenticated attacker to escalate their privileges to root.
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated attacker to escalate their privileges to root over the target device. junos:18.3R3-S5 junos:18.4R3-S9 junos:19.1R3-S6 junos:19.3R2-S6 junos:19.3R3-S3 junos:19.4R1-S4 junos:19.4R3-S4 junos:20.1R2-S2 junos:20.1R3 junos:20.2R3-S1 junos:20.3X75-D20 junos:20.3X75-D30 junos:20.4R2-S1 junos:20.4R3 junos:21.1R1-S1 junos:21.1R2 junos:21.2R1 junos:21.3R1 This issue affects: Juniper Networks Junos OS 19.3 versions 19.3R1 and above prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1.
Una vulnerabilidad de ComprobaciĆ³n de Entrada Inapropiada en J-Web de Juniper Networks Junos OS permite a un atacante autenticado localmente escalar sus privilegios hasta convertirse en root en el dispositivo de destino. junos:18.3R3-S5 junos:18.4R3-S9 junos:19.1R3-S6 junos:19. 3R2-S6 junos:19.3R3-S3 junos:19.4R1-S4 junos:19.4R3-S4 junos:20.1R2-S2 junos:20.1R3 junos:20.2R3-S1 junos:20.3X75-D20 junos:20. 3X75-D30 junos:20.4R2-S1 junos:20.4R3 junos:21.1R1-S1 junos:21.1R2 junos:21.2R1 junos:21.3R1 Este problema afecta a versiones de: Juniper Networks Junos OS 19.3 versiones 19.3R1 y superiores anteriores a 19.3R2-S6, 19.3R3-S3; versiones 19.4 anteriores a 19.4R3-S5; versiones 20.1 anteriores a 20.1R2-S2, 20. 1R3-S1; versiones 20.2 anteriores a 20.2R3-S2; versiones 20.3 anteriores a 20.3R3; versiones 20.4 anteriores a 20.4R2-S1, 20.4R3; 21.1 versiones anteriores a 21.1R1-S1, 21.1R2. Este problema no afecta a Juniper Networks Junos OS versiones anteriores a 19.3R1
*Credits:
The Juniper SIRT wishes to thank Luca Ercoli regarding PR 1511853
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-10-27 CVE Reserved
- 2021-07-15 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (1)
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 19.3 Search vendor "Juniper" for product "Junos" and version "19.3" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 19.3 Search vendor "Juniper" for product "Junos" and version "19.3" | r1-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 19.3 Search vendor "Juniper" for product "Junos" and version "19.3" | r2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 19.3 Search vendor "Juniper" for product "Junos" and version "19.3" | r2-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 19.3 Search vendor "Juniper" for product "Junos" and version "19.3" | r2-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 19.3 Search vendor "Juniper" for product "Junos" and version "19.3" | r2-s3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 19.3 Search vendor "Juniper" for product "Junos" and version "19.3" | r2-s4 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 19.3 Search vendor "Juniper" for product "Junos" and version "19.3" | r2-s5 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 19.3 Search vendor "Juniper" for product "Junos" and version "19.3" | r3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 19.3 Search vendor "Juniper" for product "Junos" and version "19.3" | r3-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 19.3 Search vendor "Juniper" for product "Junos" and version "19.3" | r3-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 19.4 Search vendor "Juniper" for product "Junos" and version "19.4" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 19.4 Search vendor "Juniper" for product "Junos" and version "19.4" | r1-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 19.4 Search vendor "Juniper" for product "Junos" and version "19.4" | r1-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 19.4 Search vendor "Juniper" for product "Junos" and version "19.4" | r1-s3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 19.4 Search vendor "Juniper" for product "Junos" and version "19.4" | r2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 19.4 Search vendor "Juniper" for product "Junos" and version "19.4" | r2-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 19.4 Search vendor "Juniper" for product "Junos" and version "19.4" | r2-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 19.4 Search vendor "Juniper" for product "Junos" and version "19.4" | r2-s3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 19.4 Search vendor "Juniper" for product "Junos" and version "19.4" | r3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 19.4 Search vendor "Juniper" for product "Junos" and version "19.4" | r3-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 19.4 Search vendor "Juniper" for product "Junos" and version "19.4" | r3-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 19.4 Search vendor "Juniper" for product "Junos" and version "19.4" | r3-s3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 19.4 Search vendor "Juniper" for product "Junos" and version "19.4" | r3-s4 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.1 Search vendor "Juniper" for product "Junos" and version "20.1" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.1 Search vendor "Juniper" for product "Junos" and version "20.1" | r1-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.1 Search vendor "Juniper" for product "Junos" and version "20.1" | r1-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.1 Search vendor "Juniper" for product "Junos" and version "20.1" | r1-s3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.1 Search vendor "Juniper" for product "Junos" and version "20.1" | r1-s4 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.1 Search vendor "Juniper" for product "Junos" and version "20.1" | r2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.1 Search vendor "Juniper" for product "Junos" and version "20.1" | r2-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.1 Search vendor "Juniper" for product "Junos" and version "20.1" | r3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.2 Search vendor "Juniper" for product "Junos" and version "20.2" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.2 Search vendor "Juniper" for product "Junos" and version "20.2" | r1-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.2 Search vendor "Juniper" for product "Junos" and version "20.2" | r1-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.2 Search vendor "Juniper" for product "Junos" and version "20.2" | r1-s3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.2 Search vendor "Juniper" for product "Junos" and version "20.2" | r2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.2 Search vendor "Juniper" for product "Junos" and version "20.2" | r2-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.2 Search vendor "Juniper" for product "Junos" and version "20.2" | r2-s2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.2 Search vendor "Juniper" for product "Junos" and version "20.2" | r2-s3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.2 Search vendor "Juniper" for product "Junos" and version "20.2" | r3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.2 Search vendor "Juniper" for product "Junos" and version "20.2" | r3-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.3 Search vendor "Juniper" for product "Junos" and version "20.3" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.3 Search vendor "Juniper" for product "Junos" and version "20.3" | r1-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.3 Search vendor "Juniper" for product "Junos" and version "20.3" | r2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.3 Search vendor "Juniper" for product "Junos" and version "20.3" | r2-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r1-s1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.1 Search vendor "Juniper" for product "Junos" and version "21.1" | r1 |
Affected
| ||||||