PT-2021-19258 · Juniper Networks · Junos Evolved

Published: 2021-10-19 · Updated: 2022-10-24 · CVE-2021-31358

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
- Juniper Networks Junos OS Evolved versions prior to 20.4R2-S2-EVO
- Juniper Networks Junos OS Evolved version 21.1 versions prior to 21.1R2-EVO
- Juniper Networks Junos OS Evolved version 21.2 versions prior to 21.2R1-S1-EVO, 21.2R2-EVO
Description
A command injection vulnerability in sftp command processing allows an attacker with authenticated CLI access to bypass configured access protections and execute arbitrary shell commands within the context of the current user. This issue enables an attacker to bypass command authorization restrictions and execute commands available to their assigned privilege level. For instance, a restricted super-user could exploit this to execute any command available to an unrestricted admin user. The vulnerability does not increase the user's privilege level but rather bypasses CLI command restrictions, allowing full access to the shell.
Recommendations
For versions prior to 20.4R2-S2-EVO, update to version 20.4R2-S2-EVO or later. For version 21.1, update to version 21.1R2-EVO or later. For version 21.2, update to version 21.2R1-S1-EVO or 21.2R2-EVO or later. As a temporary workaround, consider restricting access to the sftp command processing functionality until a patch is available.

Weakness Enumeration: Command Injection; OS Command Injection

Related Identifiers: CVE-2021-31358

Affected Products: Junos Evolved