| Vulnerability Name: | CVE-2021-0265 (CCN-199970) | ||||||||||||
| Assigned: | 2020-10-27 | ||||||||||||
| Published: | 2021-04-14 | ||||||||||||
| Updated: | 2021-05-04 | ||||||||||||
| Summary: | An unvalidated REST API in the AppFormix Agent of Juniper Networks AppFormix allows an unauthenticated remote attacker to execute commands as root on the host running the AppFormix Agent, when certain preconditions are performed by the attacker, thus granting the attacker full control over the environment. This issue affects: Juniper Networks AppFormix 3 versions prior to 3.1.22, 3.2.14, 3.3.0. | ||||||||||||
| CVSS v3 Severity: | 8.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) 7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
7.1 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||
| Vulnerability Type: | CWE-78 | ||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2021-0265 Source: XF Type: UNKNOWN juniper-cve20210265-cmd-exec(199970) Source: CCN Type: Juniper Networks Security Bulletin JSA11117 Contrail Insights: The REST API implementation allows an unauthenticated remote attacker to execute commands as root. (CVE-2021-0265) Source: MISC Type: Vendor Advisory https://kb.juniper.net/JSA11156 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||