CVE-2021-0253

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions 17.2R1 through 18.3R3-S4 Juniper Networks Junos OS versions 18.4 through 18.4R2-S5 Juniper Networks Junos OS versions 18.4R3 through 18.4R3-S5 Juniper Networks Junos OS versions 19.1 through 19.1R1-S3 Juniper Networks Junos OS versions 19.1R2 through 19.2R3 Juniper Networks Junos OS versions 19.3 through 19.3R3 Juniper Networks Junos OS versions 19.4 through 19.4R2-S2

Description: The issue affects NFX Series devices using Juniper Networks Junos OS, allowing an attacker to elevate their privileges via the Junos Device Management Daemon (JDMD) process. This is a local command execution issue. The JDMD process is used by Junos Node Slicing, but this issue does not affect External Servers used in conjunction with Junos Node Slicing and In-Chassis Junos Node Slicing on MX480, MX960, MX2008, MX2010, MX2020.

Recommendations: For versions 17.2R1 through 18.3R3-S4, update to version 18.3R3-S4 or later. For versions 18.4 through 18.4R2-S5, update to version 18.4R2-S5 or later. For versions 18.4R3 through 18.4R3-S5, update to version 18.4R3-S5 or later. For versions 19.1 through 19.1R1-S3, update to version 19.1R1-S3 or later. For versions 19.1R2 through 19.2R3, update to version 19.2R3 or later. For versions 19.3 through 19.3R3, update to version 19.3R3 or later. For versions 19.4 through 19.4R2-S2, update to version 19.4R2-S2 or later.