CVE-2021-0218 - Vulnerability Details

A command injection vulnerability in the license-check daemon of Juniper Networks Junos OS that may allow a locally authenticated attacker with low privileges to execute commands with root privilege. license-check is a daemon used to manage licenses in Junos OS. To update licenses, a user executes the command 'request system license update' via the CLI. An attacker with access to this CLI command may be able to exploit the vulnerability. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S2, 20.2R2.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Juniper	Junos

Configuration 1 [-]

OR	cpe:2.3:o:juniper:junos:17.3:-::::::
	cpe:2.3:o:juniper:junos:17.3:r1-s1::::::
	cpe:2.3:o:juniper:junos:17.3:r2::::::
	cpe:2.3:o:juniper:junos:17.3:r2-s1::::::
	cpe:2.3:o:juniper:junos:17.3:r2-s2::::::
	cpe:2.3:o:juniper:junos:17.3:r2-s3::::::
	cpe:2.3:o:juniper:junos:17.3:r2-s4::::::
	cpe:2.3:o:juniper:junos:17.3:r2-s5::::::
	cpe:2.3:o:juniper:junos:17.3:r3:-:::::*
	cpe:2.3:o:juniper:junos:17.3:r3-s1::::::
	cpe:2.3:o:juniper:junos:17.3:r3-s2::::::
	cpe:2.3:o:juniper:junos:17.3:r3-s3::::::
	cpe:2.3:o:juniper:junos:17.3:r3-s4::::::
	cpe:2.3:o:juniper:junos:17.3:r3-s7::::::
	cpe:2.3:o:juniper:junos:17.3:r3-s8::::::
	cpe:2.3:o:juniper:junos:17.4:-::::::
	cpe:2.3:o:juniper:junos:17.4:r1::::::
	cpe:2.3:o:juniper:junos:17.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:17.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:17.4:r1-s4::::::
	cpe:2.3:o:juniper:junos:17.4:r1-s5::::::
	cpe:2.3:o:juniper:junos:17.4:r1-s6::::::
	cpe:2.3:o:juniper:junos:17.4:r1-s7::::::
	cpe:2.3:o:juniper:junos:17.4:r2::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s10::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s11::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s2::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s3::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s4::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s5::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s6::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s7::::::
	cpe:2.3:o:juniper:junos:18.1:-::::::
	cpe:2.3:o:juniper:junos:18.1:r1::::::
	cpe:2.3:o:juniper:junos:18.1:r2::::::
	cpe:2.3:o:juniper:junos:18.1:r2-s1::::::
	cpe:2.3:o:juniper:junos:18.1:r2-s2::::::
	cpe:2.3:o:juniper:junos:18.1:r2-s4::::::
	cpe:2.3:o:juniper:junos:18.1:r3::::::
	cpe:2.3:o:juniper:junos:18.1:r3-s1::::::
	cpe:2.3:o:juniper:junos:18.1:r3-s10::::::
	cpe:2.3:o:juniper:junos:18.1:r3-s2::::::
	cpe:2.3:o:juniper:junos:18.1:r3-s3::::::
	cpe:2.3:o:juniper:junos:18.1:r3-s4::::::
	cpe:2.3:o:juniper:junos:18.1:r3-s6::::::
	cpe:2.3:o:juniper:junos:18.1:r3-s7::::::
	cpe:2.3:o:juniper:junos:18.1:r3-s8::::::
	cpe:2.3:o:juniper:junos:18.1:r3-s9::::::
	cpe:2.3:o:juniper:junos:18.2:-::::::
	cpe:2.3:o:juniper:junos:18.2:r1::::::
	cpe:2.3:o:juniper:junos:18.2:r1:-:::::*
	cpe:2.3:o:juniper:junos:18.2:r1-s3::::::
	cpe:2.3:o:juniper:junos:18.2:r1-s4::::::
	cpe:2.3:o:juniper:junos:18.2:r1-s5::::::
	cpe:2.3:o:juniper:junos:18.2:r2::::::
	cpe:2.3:o:juniper:junos:18.2:r2-s1::::::
	cpe:2.3:o:juniper:junos:18.2:r2-s2::::::
	cpe:2.3:o:juniper:junos:18.2:r2-s3::::::
	cpe:2.3:o:juniper:junos:18.2:r2-s4::::::
	cpe:2.3:o:juniper:junos:18.2:r2-s5::::::
	cpe:2.3:o:juniper:junos:18.2:r2-s6::::::
	cpe:2.3:o:juniper:junos:18.2:r3::::::
	cpe:2.3:o:juniper:junos:18.2:r3-s1::::::
cpe:2.3:o:juniper:junos:18.2:r3-s2::::::
cpe:2.3:o:juniper:junos:18.2:r3-s3::::::
cpe:2.3:o:juniper:junos:18.2:r3-s4::::::
cpe:2.3:o:juniper:junos:18.2:r3-s5::::::
cpe:2.3:o:juniper:junos:18.3:-::::::
cpe:2.3:o:juniper:junos:18.3:r1::::::
cpe:2.3:o:juniper:junos:18.3:r1-s1::::::
cpe:2.3:o:juniper:junos:18.3:r1-s2::::::
cpe:2.3:o:juniper:junos:18.3:r1-s3::::::
cpe:2.3:o:juniper:junos:18.3:r1-s5::::::
cpe:2.3:o:juniper:junos:18.3:r1-s6::::::
cpe:2.3:o:juniper:junos:18.3:r2::::::
cpe:2.3:o:juniper:junos:18.3:r2-s1::::::
cpe:2.3:o:juniper:junos:18.3:r2-s2::::::
cpe:2.3:o:juniper:junos:18.3:r2-s3::::::
cpe:2.3:o:juniper:junos:18.3:r2-s4::::::
cpe:2.3:o:juniper:junos:18.3:r3::::::
cpe:2.3:o:juniper:junos:18.3:r3-s1::::::
cpe:2.3:o:juniper:junos:18.3:r3-s2::::::
cpe:2.3:o:juniper:junos:18.3:r3-s3::::::
cpe:2.3:o:juniper:junos:18.4:-::::::
cpe:2.3:o:juniper:junos:18.4:r1::::::
cpe:2.3:o:juniper:junos:18.4:r1-s1::::::
cpe:2.3:o:juniper:junos:18.4:r1-s2::::::
cpe:2.3:o:juniper:junos:18.4:r1-s5::::::
cpe:2.3:o:juniper:junos:18.4:r1-s6::::::
cpe:2.3:o:juniper:junos:18.4:r2::::::
cpe:2.3:o:juniper:junos:18.4:r2-s1::::::
cpe:2.3:o:juniper:junos:18.4:r2-s2::::::
cpe:2.3:o:juniper:junos:18.4:r2-s3::::::
cpe:2.3:o:juniper:junos:18.4:r2-s4::::::
cpe:2.3:o:juniper:junos:18.4:r3::::::
cpe:2.3:o:juniper:junos:18.4:r3-s1::::::
cpe:2.3:o:juniper:junos:18.4:r3-s2::::::
cpe:2.3:o:juniper:junos:18.4:r3-s3::::::
cpe:2.3:o:juniper:junos:18.4:r3-s4::::::
cpe:2.3:o:juniper:junos:18.4:r3-s5::::::
cpe:2.3:o:juniper:junos:19.1:-::::::
cpe:2.3:o:juniper:junos:19.1:r1::::::
cpe:2.3:o:juniper:junos:19.1:r1-s1::::::
cpe:2.3:o:juniper:junos:19.1:r1-s2::::::
cpe:2.3:o:juniper:junos:19.1:r1-s3::::::
cpe:2.3:o:juniper:junos:19.1:r1-s4::::::
cpe:2.3:o:juniper:junos:19.1:r1-s5::::::
cpe:2.3:o:juniper:junos:19.1:r2::::::
cpe:2.3:o:juniper:junos:19.1:r2-s1::::::
cpe:2.3:o:juniper:junos:19.1:r3::::::
cpe:2.3:o:juniper:junos:19.1:r3-s1::::::
cpe:2.3:o:juniper:junos:19.1:r3-s2::::::
cpe:2.3:o:juniper:junos:19.2:-::::::
cpe:2.3:o:juniper:junos:19.2:r1::::::
cpe:2.3:o:juniper:junos:19.2:r1-s1::::::
cpe:2.3:o:juniper:junos:19.2:r1-s2::::::
cpe:2.3:o:juniper:junos:19.2:r1-s3::::::
cpe:2.3:o:juniper:junos:19.2:r1-s4::::::
cpe:2.3:o:juniper:junos:19.2:r1-s5::::::
cpe:2.3:o:juniper:junos:19.2:r2::::::
cpe:2.3:o:juniper:junos:19.2:r2-s1::::::
cpe:2.3:o:juniper:junos:19.2:r3::::::
cpe:2.3:o:juniper:junos:19.3:-::::::
cpe:2.3:o:juniper:junos:19.3:r1::::::
cpe:2.3:o:juniper:junos:19.3:r1-s1::::::
cpe:2.3:o:juniper:junos:19.3:r2::::::
cpe:2.3:o:juniper:junos:19.3:r2-s1::::::
cpe:2.3:o:juniper:junos:19.3:r2-s2::::::
cpe:2.3:o:juniper:junos:19.3:r2-s3::::::
cpe:2.3:o:juniper:junos:19.3:r2-s4::::::
cpe:2.3:o:juniper:junos:19.4:r1::::::
cpe:2.3:o:juniper:junos:19.4:r1-s1::::::
cpe:2.3:o:juniper:junos:19.4:r1-s2::::::
cpe:2.3:o:juniper:junos:19.4:r2::::::
cpe:2.3:o:juniper:junos:19.4:r2-s1::::::
cpe:2.3:o:juniper:junos:20.1:r1::::::
cpe:2.3:o:juniper:junos:20.1:r1-s1::::::
cpe:2.3:o:juniper:junos:20.1:r1-s2::::::
cpe:2.3:o:juniper:junos:20.1:r1-s3::::::
cpe:2.3:o:juniper:junos:20.2:r1::::::
cpe:2.3:o:juniper:junos:20.2:r1-s1::::::

No data.

References

Link	Providers
https://kb.juniper.net/JSA11108

History

No history.

MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2021-01-15T17:36:00.078193Z

Updated: 2024-09-16T23:46:21.144Z

Reserved: 2020-10-27T00:00:00

Link: CVE-2021-0218

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-01-15T18:15:15.510

Modified: 2024-11-21T05:42:13.807

Link: CVE-2021-0218

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object