CVE-2021-0246

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions 18.3R1 through 18.3R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2 Juniper Networks Junos OS versions 18.4R1 through 18.4R1 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 Juniper Networks Junos OS versions 19.1R1 through 19.1R1 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3

Description: The issue arises from incorrect default permissions assigned to tenant system administrators, allowing them to inadvertently send their network traffic to other tenants and modify overall device system traffic management. This can also cause a tenant to receive traffic from another tenant.

Recommendations: For Juniper Networks Junos OS versions 18.3R1 through 18.3R2, update to version 18.3R3 or later. For Juniper Networks Junos OS versions 18.4R1, update to version 18.4R2 or later. For Juniper Networks Junos OS versions 19.1R1, update to version 19.1R2 or later.