CVE-2021-31358

{"id": "CVE-2021-31358", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "sirt@juniper.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2021-10-19T19:15:09.013", "references": [{"url": "https://kb.juniper.net/JSA11221", "tags": ["Vendor Advisory"], "source": "sirt@juniper.net"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Secondary", "source": "sirt@juniper.net", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "A command injection vulnerability in sftp command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an attacker to bypass command authorization restrictions assigned to their specific user account and execute commands that are available to the privilege level for which the user is assigned. For example, a user that is in the super-user login class, but restricted to executing specific CLI commands could exploit the vulnerability to execute any other command available to an unrestricted admin user. This vulnerability does not increase the privilege level of the user, but rather bypasses any CLI command restrictions by allowing full access to the shell. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S2-EVO; 21.1 versions prior to 21.1R2-EVO; 21.2 versions prior to 21.2R1-S1-EVO, 21.2R2-EVO."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de comandos en el procesamiento de comandos sftp en Juniper Networks Junos OS Evolved permite a un atacante con acceso autenticado a la CLI ser capaz de omitir las protecciones de acceso configuradas para ejecutar comandos de shell arbitrarios dentro del contexto del usuario actual. La vulnerabilidad permite a un atacante omitir las restricciones de autorizaci\u00f3n de comandos asignadas a su cuenta de usuario espec\u00edfica y ejecutar comandos que est\u00e1n disponibles para el nivel de privilegio para el que el usuario est\u00e1 asignado. Por ejemplo, un usuario que est\u00e1 en la clase de inicio de sesi\u00f3n de superusuario, pero restringido a la ejecuci\u00f3n de comandos espec\u00edficos de la CLI podr\u00eda explotar la vulnerabilidad para ejecutar cualquier otro comando disponible para un usuario administrador sin restricciones. Esta vulnerabilidad no aumenta el nivel de privilegios del usuario, sino que omite cualquier restricci\u00f3n de comandos de la CLI al permitir el acceso completo al shell. Este problema afecta a Juniper Networks Junos OS Evolved: Todas las versiones anteriores a 20.4R2-S2-EVO; las versiones 21.1 anteriores a 21.1R2-EVO; las versiones 21.2 anteriores a 21.2R1-S1-EVO, 21.2R2-EVO"}], "lastModified": "2022-10-24T18:44:06.173", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C8EA231-338B-46A2-BE77-3A7AB54BD148", "versionEndIncluding": "20.3"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9C8866D-162F-4C9B-8167-2FBA25410368"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F85E5BC7-8607-4330-AA72-2273D32F8604"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "878C81C9-A418-4A21-8FDB-2116A992679C"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7451A671-A3CC-4904-8D45-947B1D3783C9"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0108AD20-EAE6-41D1-AE48-254C46B5388A"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44FBCA6F-EB05-4EE4-85FD-944BDAF7D81B"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E554FD12-FE69-44D1-B2C9-4382F8CA4456"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0C1D53E-70BE-4246-89ED-1074C8C70747"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52C3552E-798F-4719-B38D-F74E34EAAA40"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE674DD3-3590-4434-B144-5AD7EB5F039D"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0099BDA9-9D4B-4D6C-8234-EFD9E8C63476"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8729BC1-FB09-4E6D-A5D5-8BDC589555B6"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EA3DC63-B290-4D15-BEF9-21DEF36CA2EA"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E1E57AF-979B-4022-8AD6-B3558E06B718"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BA246F0-154E-4F44-A97B-690D22FA73DD"}], "operator": "OR"}]}], "sourceIdentifier": "sirt@juniper.net"}