PT-2021-12973 · Juniper Networks · Appformix

Published

2021-04-22

Updated

2021-05-04

CVE-2021-0265

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Juniper Networks AppFormix versions prior to 3.1.22, 3.2.14, 3.3.0

Description: An unvalidated REST API in the AppFormix Agent allows an unauthenticated remote attacker to execute commands as root on the host running the AppFormix Agent, granting the attacker full control over the environment.

Recommendations: For versions prior to 3.1.22, update to version 3.1.22 or later. For versions prior to 3.2.14, update to version 3.2.14 or later. For versions prior to 3.3.0, update to version 3.3.0 or later.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2021-0265

Affected Products

Appformix

PT-2021-12973 · Juniper Networks · Appformix

CVE-2021-0265

Weakness Enumeration

Related Identifiers

Affected Products

References · 3