An Improper Privilege Management vulnerability in the gRPC framework, used by the Juniper Extension Toolkit (JET) API on Juniper Networks Junos OS and Junos OS Evolved, allows a network-based, low-privileged authenticated malicious user to perform operations as root, leading to complete compromise of the targeted system. The issue is caused by the JET service daemon (jsd) process authenticating the user, then passing configuration operations directly to the management daemon (mgd) process, which runs as root. This issue affects Juniper Networks Junos OS: 18.4 versions before 18.4R1-S8, 18.4R2-S8, 18.4R3-S8; 19.1 versions before 19.1R2-S3, 19.1R3-S5; 19.2 versions before 19.2R1-S7, 19.2R3-S2; 19.3 versions before 19.3R2-S6, 19.3R3-S2; 19.4 versions before 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions before 20.1R2-S2, 20.1R3; 20.2 versions before 20.2R2-S3, 20.2R3; 20.3 versions before 20.3R2-S1, 20.3R3; 20.4 versions before 20.4R2. This issue does not affect Juniper Networks Junos OS versions before 18.4R1. Juniper Networks Junos OS Evolved: All versions before 20.4R2-EVO; 21.1-EVO versions before 21.1R2-EVO.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
juniper junos 18.4 |
||
juniper junos 19.1 |
||
juniper junos 19.2 |
||
juniper junos 19.3 |
||
juniper junos 19.4 |
||
juniper junos 20.1 |
||
juniper junos 20.2 |
||
juniper junos 20.3 |
||
juniper junos 20.4 |
||
juniper junos os evolved 18.3 |
||
juniper junos os evolved 19.1 |
||
juniper junos os evolved 19.2 |
||
juniper junos os evolved 19.3 |
||
juniper junos os evolved 19.4 |
||
juniper junos os evolved 20.1 |
||
juniper junos os evolved 20.2 |
||
juniper junos os evolved 20.3 |
||
juniper junos os evolved 20.4 |
||
juniper junos os evolved 21.1 |