PT-2021-2817 · Juniper Networks · Srx4600+6

Published: 2021-04-16 · Updated: 2021-04-27 · CVE-2021-0235

CVSS v3.1: 7.3 (High)

Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L

Name of the Vulnerable Software and Affected Versions:
Juniper Networks Junos OS versions 18.3R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2
Juniper Networks Junos OS versions 18.4R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3
Juniper Networks Junos OS versions 19.1R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3
Juniper Networks Junos OS versions prior to 19.2R1-S6, 19.2R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3
Juniper Networks Junos OS versions prior to 19.3R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3
Juniper Networks Junos OS versions prior to 19.4R2-S4, 19.4R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3
Juniper Networks Junos OS versions prior to 20.1R2, 20.1R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series
Juniper Networks Junos OS versions prior to 20.2R2-S1, 20.2R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series
Juniper Networks Junos OS versions prior to 20.3R1-S2, 20.3R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series
Juniper Networks Junos OS versions prior to 20.4R1, 20.4R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series

Description: The issue is related to incorrect permission schemes assigned to tenant system administrators on Juniper Networks Junos OS, which may allow a tenant system administrator to inadvertently send their network traffic to one or more tenants while modifying the overall device system traffic management. This could also result in a tenant inadvertently receiving traffic from another tenant. The issue is due to errors in privilege management.

Recommendations:
For Juniper Networks Junos OS versions 18.3R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2, update to a version that includes the fix for this issue.
For Juniper Networks Junos OS versions 18.4R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, update to a version that includes the fix for this issue.
For Juniper Networks Junos OS versions 19.1R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, update to a version that includes the fix for this issue.
For Juniper Networks Junos OS versions prior to 19.2R1-S6, 19.2R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, update to version 19.2R1-S6 or 19.2R3-S2 or later.
For Juniper Networks Junos OS versions prior to 19.3R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, update to version 19.3R3-S2 or later.
For Juniper Networks Junos OS versions prior to 19.4R2-S4, 19.4R3-S2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, update to version 19.4R2-S4 or 19.4R3-S2 or later.
For Juniper Networks Junos OS versions prior to 20.1R2, 20.1R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series, update to version 20.1R2 or 20.1R3 or later.
For Juniper Networks Junos OS versions prior to 20.2R2-S1, 20.2R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series, update to version 20.2R2-S1 or 20.2R3 or later.
For Juniper Networks Junos OS versions prior to 20.3R1-S2, 20.3R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series, update to version 20.3R1-S2 or 20.3R2 or later.
For Juniper Networks Junos OS versions prior to 20.4R1, 20.4R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3 vSRX Series, update to version 20.4R1 or 20.4R2 or later.

Fix

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

BDU:2021-02363
CVE-2021-0235

Affected Products

Junos
Srx1500
Srx4100
Srx4200
Srx4600
Srx5000
Vsrx