7.2

CVE-2021-0219

A command injection vulnerability in install package validation subsystem of Juniper Networks Junos OS that may allow a locally authenticated attacker with privileges to execute commands with root privilege. To validate a package in Junos before installation, an administrator executes the command 'request system software add validate-on-host' via the CLI. An attacker with access to this CLI command may be able to exploit this vulnerability. This issue affects Juniper Networks Junos OS: all versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R2-S8, 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S6; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S2, 20.2R2; 20.3 versions prior to 20.3R1-S1, 20.3R2.

Data is provided by the National Vulnerability Database (NVD)
JuniperJunos Version17.3 Update-
JuniperJunos Version17.3 Updater1-s1
JuniperJunos Version17.3 Updater2
JuniperJunos Version17.3 Updater2-s1
JuniperJunos Version17.3 Updater2-s2
JuniperJunos Version17.3 Updater2-s3
JuniperJunos Version17.3 Updater2-s4
JuniperJunos Version17.3 Updater2-s5
JuniperJunos Version17.3 Updater3 Edition-
JuniperJunos Version17.3 Updater3-s1
JuniperJunos Version17.3 Updater3-s2
JuniperJunos Version17.3 Updater3-s3
JuniperJunos Version17.3 Updater3-s4
JuniperJunos Version17.3 Updater3-s5
JuniperJunos Version17.3 Updater3-s6
JuniperJunos Version17.3 Updater3-s7
JuniperJunos Version17.3 Updater3-s8
JuniperJunos Version17.3 Updater3-s9
JuniperJunos Version17.4 Update-
JuniperJunos Version17.4 Updater1
JuniperJunos Version17.4 Updater1-s1
JuniperJunos Version17.4 Updater1-s2
JuniperJunos Version17.4 Updater1-s4
JuniperJunos Version17.4 Updater1-s5
JuniperJunos Version17.4 Updater1-s6
JuniperJunos Version17.4 Updater1-s7
JuniperJunos Version17.4 Updater2
JuniperJunos Version17.4 Updater2-s1
JuniperJunos Version17.4 Updater2-s10
JuniperJunos Version17.4 Updater2-s11
JuniperJunos Version17.4 Updater2-s2
JuniperJunos Version17.4 Updater2-s3
JuniperJunos Version17.4 Updater2-s4
JuniperJunos Version17.4 Updater2-s5
JuniperJunos Version17.4 Updater2-s6
JuniperJunos Version17.4 Updater2-s7
JuniperJunos Version17.4 Updater2-s8
JuniperJunos Version17.4 Updater2-s9
JuniperJunos Version17.4 Updater3
JuniperJunos Version17.4 Updater3-s1
JuniperJunos Version17.4 Updater3-s2
JuniperJunos Version18.1 Update-
JuniperJunos Version18.1 Updater1
JuniperJunos Version18.1 Updater2
JuniperJunos Version18.1 Updater2-s1
JuniperJunos Version18.1 Updater2-s2
JuniperJunos Version18.1 Updater2-s4
JuniperJunos Version18.1 Updater3
JuniperJunos Version18.1 Updater3-s1
JuniperJunos Version18.1 Updater3-s10
JuniperJunos Version18.1 Updater3-s2
JuniperJunos Version18.1 Updater3-s3
JuniperJunos Version18.1 Updater3-s4
JuniperJunos Version18.1 Updater3-s6
JuniperJunos Version18.1 Updater3-s7
JuniperJunos Version18.1 Updater3-s8
JuniperJunos Version18.1 Updater3-s9
JuniperJunos Version18.2 Update-
JuniperJunos Version18.2 Updater1
JuniperJunos Version18.2 Updater1 Edition-
JuniperJunos Version18.2 Updater1-s3
JuniperJunos Version18.2 Updater1-s4
JuniperJunos Version18.2 Updater1-s5
JuniperJunos Version18.2 Updater2
JuniperJunos Version18.2 Updater2-s1
JuniperJunos Version18.2 Updater2-s2
JuniperJunos Version18.2 Updater2-s3
JuniperJunos Version18.2 Updater2-s4
JuniperJunos Version18.2 Updater2-s5
JuniperJunos Version18.2 Updater2-s6
JuniperJunos Version18.2 Updater2-s7
JuniperJunos Version18.2 Updater3
JuniperJunos Version18.2 Updater3-s1
JuniperJunos Version18.2 Updater3-s2
JuniperJunos Version18.2 Updater3-s3
JuniperJunos Version18.2 Updater3-s4
JuniperJunos Version18.2 Updater3-s5
JuniperJunos Version18.3 Update-
JuniperJunos Version18.3 Updater1
JuniperJunos Version18.3 Updater1-s1
JuniperJunos Version18.3 Updater1-s2
JuniperJunos Version18.3 Updater1-s3
JuniperJunos Version18.3 Updater1-s5
JuniperJunos Version18.3 Updater1-s6
JuniperJunos Version18.3 Updater2
JuniperJunos Version18.3 Updater2-s1
JuniperJunos Version18.3 Updater2-s2
JuniperJunos Version18.3 Updater2-s3
JuniperJunos Version18.3 Updater2-s4
JuniperJunos Version18.3 Updater3
JuniperJunos Version18.3 Updater3-s1
JuniperJunos Version18.3 Updater3-s2
JuniperJunos Version18.3 Updater3-s3
JuniperJunos Version18.4 Update-
JuniperJunos Version18.4 Updater1
JuniperJunos Version18.4 Updater1-s1
JuniperJunos Version18.4 Updater1-s2
JuniperJunos Version18.4 Updater1-s3
JuniperJunos Version18.4 Updater1-s4
JuniperJunos Version18.4 Updater1-s5
JuniperJunos Version18.4 Updater1-s6
JuniperJunos Version18.4 Updater1-s7
JuniperJunos Version18.4 Updater2
JuniperJunos Version18.4 Updater2-s1
JuniperJunos Version18.4 Updater2-s2
JuniperJunos Version18.4 Updater2-s3
JuniperJunos Version18.4 Updater2-s4
JuniperJunos Version18.4 Updater2-s5
JuniperJunos Version18.4 Updater2-s6
JuniperJunos Version18.4 Updater3
JuniperJunos Version18.4 Updater3-s1
JuniperJunos Version18.4 Updater3-s2
JuniperJunos Version18.4 Updater3-s3
JuniperJunos Version18.4 Updater3-s4
JuniperJunos Version18.4 Updater3-s5
JuniperJunos Version19.1 Update-
JuniperJunos Version19.1 Updater1
JuniperJunos Version19.1 Updater1-s1
JuniperJunos Version19.1 Updater1-s2
JuniperJunos Version19.1 Updater1-s3
JuniperJunos Version19.1 Updater1-s4
JuniperJunos Version19.1 Updater1-s5
JuniperJunos Version19.1 Updater2
JuniperJunos Version19.1 Updater2-s1
JuniperJunos Version19.1 Updater3
JuniperJunos Version19.1 Updater3-s1
JuniperJunos Version19.1 Updater3-s2
JuniperJunos Version19.2 Update-
JuniperJunos Version19.2 Updater1
JuniperJunos Version19.2 Updater1-s1
JuniperJunos Version19.2 Updater1-s2
JuniperJunos Version19.2 Updater1-s3
JuniperJunos Version19.2 Updater1-s4
JuniperJunos Version19.2 Updater2
JuniperJunos Version19.2 Updater3
JuniperJunos Version19.3 Update-
JuniperJunos Version19.3 Updater1
JuniperJunos Version19.3 Updater1-s1
JuniperJunos Version19.3 Updater2
JuniperJunos Version19.3 Updater2-s1
JuniperJunos Version19.3 Updater2-s2
JuniperJunos Version19.3 Updater2-s3
JuniperJunos Version19.3 Updater2-s4
JuniperJunos Version19.3 Updater3
JuniperJunos Version19.4 Updater1
JuniperJunos Version19.4 Updater1-s1
JuniperJunos Version19.4 Updater1-s2
JuniperJunos Version19.4 Updater2
JuniperJunos Version19.4 Updater2-s1
JuniperJunos Version19.4 Updater3
JuniperJunos Version20.1 Updater1
JuniperJunos Version20.1 Updater1-s1
JuniperJunos Version20.1 Updater1-s2
JuniperJunos Version20.1 Updater1-s3
JuniperJunos Version20.2 Updater1
JuniperJunos Version20.2 Updater1-s1
JuniperJunos Version20.3 Updater1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.076
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
sirt@juniper.net 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.