// For flags

CVE-2021-31356

Junos OS Evolved: Multiple shell-injection vulnerabilities in EVO UI wrapper scripts

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A command injection vulnerability in command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an attacker to bypass command authorization restrictions assigned to their specific user account and execute commands that are available to the privilege level for which the user is assigned. For example, a user that is in the super-user login class, but restricted to executing specific CLI commands could exploit the vulnerability to execute any other command available to an unrestricted admin user. This vulnerability does not increase the privilege level of the user, but rather bypasses any CLI command restrictions by allowing full access to the shell. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S1-EVO; All versions of 21.1-EVO and 21.2-EVO.

Una vulnerabilidad de inyección de comandos en el procesamiento de comandos en Juniper Networks Junos OS Evolved permite a un atacante con acceso autenticado a la CLI ser capaz de omitir las protecciones de acceso configuradas para ejecutar comandos de shell arbitrarios dentro del contexto del usuario actual. La vulnerabilidad permite a un atacante omitir las restricciones de autorización de comandos asignadas a su cuenta de usuario específica y ejecutar comandos que están disponibles para el nivel de privilegio para el que el usuario está asignado. Por ejemplo, un usuario que está en la clase de inicio de sesión de superusuario, pero restringido a la ejecución de comandos específicos de la CLI podría explotar la vulnerabilidad para ejecutar cualquier otro comando disponible para un usuario administrador sin restricciones. Esta vulnerabilidad no aumenta el nivel de privilegios del usuario, sino que omite cualquier restricción de comandos de la CLI al permitir el acceso completo al shell. Este problema afecta a Juniper Networks Junos OS Evolved: Todas las versiones anteriores a 20.4R3-S1-EVO; Todas las versiones de 21.1-EVO y 21.2-EVO

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-04-15 CVE Reserved
  • 2021-10-19 CVE Published
  • 2023-05-12 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://kb.juniper.net/JSA11221 2022-10-25
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Juniper
Search vendor "Juniper"
 Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
 <= 20.3
Search vendor "Juniper" for product "Junos Os Evolved" and version " <= 20.3"
-
Affected
Juniper
Search vendor "Juniper"
 Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
 20.4
Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"
r1
Affected
Juniper
Search vendor "Juniper"
 Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
 20.4
Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"
r1-s1
Affected
Juniper
Search vendor "Juniper"
 Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
 20.4
Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"
r1-s2
Affected
Juniper
Search vendor "Juniper"
 Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
 20.4
Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"
r2
Affected
Juniper
Search vendor "Juniper"
 Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
 20.4
Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"
r2-s1
Affected
Juniper
Search vendor "Juniper"
 Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
 20.4
Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"
r2-s2
Affected
Juniper
Search vendor "Juniper"
 Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
 20.4
Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"
r2-s3
Affected
Juniper
Search vendor "Juniper"
 Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
 20.4
Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"
r3
Affected
Juniper
Search vendor "Juniper"
 Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
 21.1
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.1"
-
Affected
Juniper
Search vendor "Juniper"
 Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
 21.1
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.1"
r1
Affected
Juniper
Search vendor "Juniper"
 Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
 21.1
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.1"
r1-s1
Affected
Juniper
Search vendor "Juniper"
 Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
 21.1
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.1"
r2
Affected
Juniper
Search vendor "Juniper"
 Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
 21.2
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"
r1
Affected
Juniper
Search vendor "Juniper"
 Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
 21.2
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"
r1-s1
Affected
Juniper
Search vendor "Juniper"
 Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
 21.2
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"
r2
Affected