CVE-2021-0246

On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, devices using tenant services on Juniper Networks Junos OS, due to incorrect default permissions assigned to tenant system administrators a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider. Further, a tenant may inadvertently receive traffic from another tenant. This issue affects: Juniper Networks Junos OS 18.3 version 18.3R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2; 18.3 versions prior to 18.3R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2; 18.4 versions prior to 18.4R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.1 versions prior to 19.1R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3. This issue does not affect: Juniper Networks Junos OS versions prior to 18.3R1.

CVSS v3 7.3 HIGH
CVSS v2.0 4.6 MEDIUM

7.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.5 / Impact : 5.3

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact LOW

Scope CHANGED

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://kb.juniper.net/JSA11139	Vendor Advisory
https://kb.juniper.net/JSA11139	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:juniper:junos:18.3:-::::::
	cpe:2.3:o:juniper:junos:18.3:r1::::::
	cpe:2.3:o:juniper:junos:18.3:r1-s1::::::
	cpe:2.3:o:juniper:junos:18.3:r1-s2::::::
	cpe:2.3:o:juniper:junos:18.3:r1-s3::::::
	cpe:2.3:o:juniper:junos:18.3:r1-s4::::::
	cpe:2.3:o:juniper:junos:18.3:r1-s5::::::
	cpe:2.3:o:juniper:junos:18.3:r1-s6::::::
	cpe:2.3:o:juniper:junos:18.3:r2::::::
	cpe:2.3:o:juniper:junos:18.3:r2-s1::::::
	cpe:2.3:o:juniper:junos:18.3:r2-s2::::::
	cpe:2.3:o:juniper:junos:18.3:r2-s3::::::
	cpe:2.3:o:juniper:junos:18.3:r2-s4::::::
	cpe:2.3:o:juniper:junos:18.4:-::::::
	cpe:2.3:o:juniper:junos:18.4:r1::::::
	cpe:2.3:o:juniper:junos:18.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:18.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:18.4:r1-s3::::::
	cpe:2.3:o:juniper:junos:18.4:r1-s4::::::
	cpe:2.3:o:juniper:junos:18.4:r1-s5::::::
	cpe:2.3:o:juniper:junos:18.4:r1-s6::::::
	cpe:2.3:o:juniper:junos:18.4:r1-s7::::::
	cpe:2.3:o:juniper:junos:19.1:-::::::
	cpe:2.3:o:juniper:junos:19.1:r1::::::
	cpe:2.3:o:juniper:junos:19.1:r1-s1::::::
	cpe:2.3:o:juniper:junos:19.1:r1-s2::::::
	cpe:2.3:o:juniper:junos:19.1:r1-s3::::::
	cpe:2.3:o:juniper:junos:19.1:r1-s4::::::
	cpe:2.3:o:juniper:junos:19.1:r1-s5::::::

OR	cpe:2.3:h:juniper:srx1500:-:::::::*
	cpe:2.3:h:juniper:srx4100:-:::::::*
	cpe:2.3:h:juniper:srx4200:-:::::::*
	cpe:2.3:h:juniper:srx4600:-:::::::*
	cpe:2.3:h:juniper:srx5400:-:::::::*
	cpe:2.3:h:juniper:srx5600:-:::::::*
	cpe:2.3:h:juniper:srx5800:-:::::::*

History

21 Nov 2024, 05:42

Type	Values Removed	Values Added
References	~~() https://kb.juniper.net/JSA11139 - Vendor Advisory~~	() https://kb.juniper.net/JSA11139 - Vendor Advisory

Information

Published : 2021-04-22 20:15

Updated : 2024-11-21 05:42

NVD link : CVE-2021-0246

Mitre link : CVE-2021-0246

CVE.ORG link : CVE-2021-0246

JSON object : View

Products Affected

juniper

srx5800
srx4100
srx4200
junos
srx5600
srx5400
srx1500
srx4600

CWE

CWE-276

Incorrect Default Permissions

{"id": "CVE-2021-0246", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 5.3, "exploitabilityScore": 1.5}]}, "published": "2021-04-22T20:15:09.190", "references": [{"url": "https://kb.juniper.net/JSA11139", "tags": ["Vendor Advisory"], "source": "sirt@juniper.net"}, {"url": "https://kb.juniper.net/JSA11139", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "sirt@juniper.net", "description": [{"lang": "en", "value": "CWE-276"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, devices using tenant services on Juniper Networks Junos OS, due to incorrect default permissions assigned to tenant system administrators a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider. Further, a tenant may inadvertently receive traffic from another tenant. This issue affects: Juniper Networks Junos OS 18.3 version 18.3R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2; 18.3 versions prior to 18.3R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2; 18.4 versions prior to 18.4R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.1 versions prior to 19.1R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3. This issue does not affect: Juniper Networks Junos OS versions prior to 18.3R1."}, {"lang": "es", "value": "En las Series SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 con SPC2/SPC3, dispositivos que usan servicios de inquilino en Juniper Networks Junos OS, debido a permisos predeterminados incorrectos asignados a administradores de sistemas de inquilino, un administrador de sistemas de inquilino puede enviar inadvertidamente su tr\u00e1fico de red a uno o m\u00e1s inquilino al mismo tiempo que modifica la gesti\u00f3n general del tr\u00e1fico del sistema del dispositivo, afectando a todos los inquilinos y al proveedor de servicios. Adem\u00e1s, un inquilino puede recibir inadvertidamente tr\u00e1fico de otro inquilino. Este problema afecta a: Juniper Networks Junos OS versiones 18.3 18.3R1 y posteriores en las Series SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 con SPC2; versiones 18.3 anteriores a 18.3R3 en las Series SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 con SPC2; versiones 18.4 anteriores a 18.4R2 en las Series SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 con SPC2 / SPC3; versiones 19. 1 anteriores a 19.1R2 en las Series SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 con SPC2/SPC3. Este problema no afecta a: Juniper Networks Junos OS versiones anteriores a 18.3R1"}], "lastModified": "2024-11-21T05:42:18.323", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:18.3:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BB9C2BB-D20B-41E9-B75F-7FAD9ECCDB99"}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5342C3DC-D640-47AB-BD76-3444852988A2"}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AB8585E-EDC6-4400-BEE3-3A6A7C922C90"}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2ABC574-B3FC-4025-B50D-7F9EEB28C806"}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F6EAFC3-C3AC-4361-8530-39FCF89702F7"}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92FB1BF6-8852-45D8-817C-36CDBE730801"}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B363298-315C-4FD5-9417-C5B82883A224"}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB08FF7B-01F5-4A19-858E-E2CD19D61A62"}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7A3FBD3-5399-42A9-9BD9-E3C981CBD6DB"}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r2-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EBD361C-8B4D-43EF-8B82-9FE165D8206E"}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r2-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E7539C4-6208-43EB-9A0B-4852D0CE0FA1"}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r2-s3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35299B02-DC75-458D-B86D-8A0DB95B06AA"}, {"criteria": "cpe:2.3:o:juniper:junos:18.3:r2-s4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BAC3EF2-3339-4E3C-9C6D-E854EBBDEF9C"}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74CA9010-D3DE-487B-B46F-589A48AB0F0A"}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A38F224C-8E9B-44F3-9D4F-6C9F04F57927"}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "853F146A-9A0F-49B6-AFD2-9907434212F1"}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F73B88B-E66C-4ACD-B38D-9365FB230ABA"}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE1F82EC-3222-4158-8923-59CDA1909A9C"}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FE95D15-B5E5-4E74-9464-C72D8B646A6B"}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C012CD07-706A-4E1C-B399-C55AEF5C8309"}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0C26E59-874A-4D87-9E7F-E366F4D65ED1"}, {"criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75902119-60D0-49F8-8E01-666E0F75935A"}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "768C0EB7-8456-4BF4-8598-3401A54D21DA"}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5332B70A-F6B0-4C3B-90E2-5CBFB3326126"}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81439FE8-5405-45C2-BC04-9823D2009A77"}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E506138D-043E-485D-B485-94A2AB75F8E7"}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EF3C901-3599-463F-BEFB-8858768DC195"}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD806778-A995-4A9B-9C05-F4D7B1CB1F7D"}, {"criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02B42BE8-1EF2-47F7-9F10-DE486A017EED"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CEBF85C-736A-4E7D-956A-3E8210D4F70B"}, {"criteria": "cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3AA8999C-8AE4-416F-BA2A-B1A21F33B4D7"}, {"criteria": "cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CCC5F6F5-4347-49D3-909A-27A3A96D36C9"}, {"criteria": "cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "56BA6B86-D3F4-4496-AE46-AC513C6560FA"}, {"criteria": "cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2FDDC897-747F-44DD-9599-7266F9B5B7B1"}, {"criteria": "cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "68CA098D-CBE4-4E62-9EC0-43E1B6098710"}, {"criteria": "cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "66F474D4-79B6-4525-983C-9A9011BD958B"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "sirt@juniper.net"}

7.3 /10