9
CVSSv2

CVE-2021-31350

Published: 19/10/2021 Updated: 25/10/2021
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 801
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

An Improper Privilege Management vulnerability in the gRPC framework, used by the Juniper Extension Toolkit (JET) API on Juniper Networks Junos OS and Junos OS Evolved, allows a network-based, low-privileged authenticated malicious user to perform operations as root, leading to complete compromise of the targeted system. The issue is caused by the JET service daemon (jsd) process authenticating the user, then passing configuration operations directly to the management daemon (mgd) process, which runs as root. This issue affects Juniper Networks Junos OS: 18.4 versions before 18.4R1-S8, 18.4R2-S8, 18.4R3-S8; 19.1 versions before 19.1R2-S3, 19.1R3-S5; 19.2 versions before 19.2R1-S7, 19.2R3-S2; 19.3 versions before 19.3R2-S6, 19.3R3-S2; 19.4 versions before 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions before 20.1R2-S2, 20.1R3; 20.2 versions before 20.2R2-S3, 20.2R3; 20.3 versions before 20.3R2-S1, 20.3R3; 20.4 versions before 20.4R2. This issue does not affect Juniper Networks Junos OS versions before 18.4R1. Juniper Networks Junos OS Evolved: All versions before 20.4R2-EVO; 21.1-EVO versions before 21.1R2-EVO.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

juniper junos 18.4

juniper junos 19.1

juniper junos 19.2

juniper junos 19.3

juniper junos 19.4

juniper junos 20.1

juniper junos 20.2

juniper junos 20.3

juniper junos 20.4

juniper junos os evolved 18.3

juniper junos os evolved 19.1

juniper junos os evolved 19.2

juniper junos os evolved 19.3

juniper junos os evolved 19.4

juniper junos os evolved 20.1

juniper junos os evolved 20.2

juniper junos os evolved 20.3

juniper junos os evolved 20.4

juniper junos os evolved 21.1