CVE-2021-31354

Junos OS and Junos OS Evolved: A vulnerability in the Juniper Agile License Client may allow an attacker to perform Remote Code Execution (RCE)

  • Severity Score: 8.8 (CVSS v3.1)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

An Out Of Bounds (OOB) access vulnerability in the handling of responses by a Juniper Agile License (JAL) Client in Juniper Networks Junos OS and Junos OS Evolved, configured in Network Mode (to use Juniper Agile License Manager) may allow an attacker to cause a partial Denial of Service (DoS), or lead to remote code execution (RCE). The vulnerability exists in the packet parsing logic on the client that processes the response from the server using a custom protocol. An attacker with control of a JAL License Manager, or with access to the local broadcast domain, may be able to spoof a new JAL License Manager and/or craft a response to the Junos OS License Client, leading to exploitation of this vulnerability. This issue only affects Junos systems configured in Network Mode. Systems that are configured in Standalone Mode (the default mode of operation for all systems) are not vulnerable to this issue. This issue affects: Juniper Networks Junos OS: 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS Evolved: version 20.1R1-EVO and later versions, prior to 21.2R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 19.2R1.

*Credits: Juniper SIRT would like to acknowledge and thank The UK's National Cyber Security Centre (NCSC) for responsibly reporting this vulnerability.
CVSS Scores
  • Attack Vector: Adjacent; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: Unchanged; Confidentiality: High; Integrity: High; Availability: High
  • Attack Vector: Adjacent; Attack Complexity: High; Privileges Required: None; User Interaction: None; Scope: Unchanged; Confidentiality: High; Integrity: High; Availability: Low
  • Attack Vector: Adjacent; Attack Complexity: Medium; Authentication: None; Confidentiality: Partial; Integrity: Partial; Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-04-15 CVE Reserved
  • 2021-10-19 CVE Published
  • 2024-09-17 CVE Updated
  • 2024-09-24 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-125: Out-of-bounds Read
CAPEC
References (1)
URL Date SRC
https://kb.juniper.net/JSA11219 2021-10-25
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Juniper | Junos | 19.2 | - | Affected |
| Juniper | Junos | 19.2 | r1 | Affected |
| Juniper | Junos | 19.2 | r1-s1 | Affected |
| Juniper | Junos | 19.2 | r1-s2 | Affected |
| Juniper | Junos | 19.2 | r1-s3 | Affected |
| Juniper | Junos | 19.2 | r1-s4 | Affected |
| Juniper | Junos | 19.2 | r1-s5 | Affected |
| Juniper | Junos | 19.2 | r1-s6 | Affected |
| Juniper | Junos | 19.2 | r2 | Affected |
| Juniper | Junos | 19.2 | r2-s1 | Affected |
| Juniper | Junos | 19.2 | r3 | Affected |
| Juniper | Junos | 19.2 | r3-s1 | Affected |
| Juniper | Junos | 19.2 | r3-s2 | Affected |
| Juniper | Junos | 19.3 | - | Affected |
| Juniper | Junos | 19.3 | r1 | Affected |
| Juniper | Junos | 19.3 | r1-s1 | Affected |
| Juniper | Junos | 19.3 | r2 | Affected |
| Juniper | Junos | 19.3 | r2-s1 | Affected |
| Juniper | Junos | 19.3 | r2-s2 | Affected |
| Juniper | Junos | 19.3 | r2-s3 | Affected |
| Juniper | Junos | 19.3 | r2-s4 | Affected |
| Juniper | Junos | 19.3 | r2-s5 | Affected |
| Juniper | Junos | 19.3 | r3 | Affected |
| Juniper | Junos | 19.3 | r3-s1 | Affected |
| Juniper | Junos | 19.3 | r3-s2 | Affected |
| Juniper | Junos | 20.1 | r1 | Affected |
| Juniper | Junos | 20.1 | r1-s1 | Affected |
| Juniper | Junos | 20.1 | r1-s2 | Affected |
| Juniper | Junos | 20.1 | r1-s3 | Affected |
| Juniper | Junos | 20.1 | r1-s4 | Affected |
| Juniper | Junos | 20.1 | r2 | Affected |
| Juniper | Junos | 20.1 | r2-s1 | Affected |
| Juniper | Junos | 20.1 | r3 | Affected |
| Juniper | Junos | 20.2 | r1 | Affected |
| Juniper | Junos | 20.2 | r1-s1 | Affected |
| Juniper | Junos | 20.2 | r1-s2 | Affected |
| Juniper | Junos | 20.2 | r1-s3 | Affected |
| Juniper | Junos | 20.2 | r2 | Affected |
| Juniper | Junos | 20.2 | r2-s1 | Affected |
| Juniper | Junos | 20.2 | r2-s2 | Affected |
| Juniper | Junos | 20.2 | r2-s3 | Affected |
| Juniper | Junos | 20.2 | r3 | Affected |
| Juniper | Junos | 20.2 | r3-s1 | Affected |
| Juniper | Junos | 20.3 | r1 | Affected |
| Juniper | Junos | 20.3 | r1-s1 | Affected |
| Juniper | Junos | 20.3 | r2 | Affected |
| Juniper | Junos | 20.3 | r2-s1 | Affected |
| Juniper | Junos | 20.4 | r1 | Affected |
| Juniper | Junos | 20.4 | r1-s1 | Affected |
| Juniper | Junos | 20.4 | r2 | Affected |
| Juniper | Junos | 20.4 | r2-s1 | Affected |
| Juniper | Junos | 21.1 | r1 | Affected |
| Juniper | Junos | 21.1 | r1-s1 | Affected |
| Juniper | Junos Os Evolved | 20.1 | r1 | Affected |
| Juniper | Junos Os Evolved | 20.1 | r1-s1 | Affected |
| Juniper | Junos Os Evolved | 20.1 | r2 | Affected |
| Juniper | Junos Os Evolved | 20.1 | r2-s1 | Affected |
| Juniper | Junos Os Evolved | 20.1 | r2-s2 | Affected |
| Juniper | Junos Os Evolved | 20.1 | r2-s3 | Affected |
| Juniper | Junos Os Evolved | 20.1 | r2-s4 | Affected |
| Juniper | Junos Os Evolved | 20.1 | r2-s5 | Affected |
| Juniper | Junos Os Evolved | 20.1 | r3 | Affected |
| Juniper | Junos Os Evolved | 20.2 | - | Affected |
| Juniper | Junos Os Evolved | 20.2 | r1 | Affected |
| Juniper | Junos Os Evolved | 20.2 | r1-s1 | Affected |
| Juniper | Junos Os Evolved | 20.2 | r2 | Affected |
| Juniper | Junos Os Evolved | 20.2 | r2-s1 | Affected |
| Juniper | Junos Os Evolved | 20.2 | r3 | Affected |
| Juniper | Junos Os Evolved | 20.3 | - | Affected |
| Juniper | Junos Os Evolved | 20.3 | r1 | Affected |
| Juniper | Junos Os Evolved | 20.3 | r1-s1 | Affected |
| Juniper | Junos Os Evolved | 20.3 | r1-s2 | Affected |
| Juniper | Junos Os Evolved | 20.3 | r1-s3 | Affected |
| Juniper | Junos Os Evolved | 20.3 | r2 | Affected |
| Juniper | Junos Os Evolved | 20.4 | r1 | Affected |
| Juniper | Junos Os Evolved | 20.4 | r1-s1 | Affected |
| Juniper | Junos Os Evolved | 20.4 | r1-s2 | Affected |
| Juniper | Junos Os Evolved | 20.4 | r2 | Affected |
| Juniper | Junos Os Evolved | 20.4 | r2-s1 | Affected |
| Juniper | Junos Os Evolved | 20.4 | r2-s2 | Affected |
| Juniper | Junos Os Evolved | 20.4 | r2-s3 | Affected |
| Juniper | Junos Os Evolved | 20.4 | r3 | Affected |
| Juniper | Junos Os Evolved | 20.4 | r3-s1 | Affected |
| Juniper | Junos Os Evolved | 21.1 | - | Affected |
| Juniper | Junos Os Evolved | 21.1 | r1 | Affected |
| Juniper | Junos Os Evolved | 21.1 | r1-s1 | Affected |
| Juniper | Junos Os Evolved | 21.1 | r2 | Affected |
| Juniper | Junos Os Evolved | 21.2 | r1 | Affected |
| Juniper | Junos Os Evolved | 21.2 | r1-s1 | Affected |