PT-2021-12966 · Juniper Networks · Junos
Published
2021-04-19
·
Updated
2021-04-28
·
CVE-2021-0256
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Junos OS versions 17.3 prior to 17.3R3-S12
Junos OS versions 17.4 prior to 17.4R3-S4
Junos OS versions 18.1 prior to 18.1R3-S12
Junos OS versions 18.3 prior to 18.3R3-S4
Junos OS versions 19.1 prior to 19.1R3-S4
Junos OS versions 19.3 prior to 19.3R3-S2
Junos OS versions 19.4 prior to 19.4R2-S3
Junos OS versions 20.1 prior to 20.1R2
Junos OS versions 20.2 prior to 20.2R1-S3
Description:
A sensitive information disclosure issue may allow a locally authenticated user with shell access to read portions of sensitive files, such as the master.passwd file. This is possible because mosquitto is shipped with setuid permissions enabled and is owned by the root user, allowing a local privileged user to run mosquitto with root privileges and access sensitive information stored on the local filesystem.
Recommendations:
For Junos OS versions 17.3 prior to 17.3R3-S12, update to 17.3R3-S12 or later.
For Junos OS versions 17.4 prior to 17.4R3-S4, update to 17.4R3-S4 or later.
For Junos OS versions 18.1 prior to 18.1R3-S12, update to 18.1R3-S12 or later.
For Junos OS versions 18.3 prior to 18.3R3-S4, update to 18.3R3-S4 or later.
For Junos OS versions 19.1 prior to 19.1R3-S4, update to 19.1R3-S4 or later.
For Junos OS versions 19.3 prior to 19.3R3-S2, update to 19.3R3-S2 or later.
For Junos OS versions 19.4 prior to 19.4R2-S3, update to 19.4R2-S3 or later.
For Junos OS versions 20.1 prior to 20.1R2, update to 20.1R2 or later.
For Junos OS versions 20.2 prior to 20.2R1-S3, update to 20.2R1-S3 or later.
Fix
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Junos