CVE-2021-31350

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 18.4R1-S8, 18.4R2-S8, 18.4R3-S8; 19.1 versions prior to 19.1R2-S3, 19.1R3-S5; 19.2 versions prior to 19.2R1-S7, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2 Juniper Networks Junos OS Evolved versions prior to 20.4R2-EVO; 21.1-EVO versions prior to 21.1R2-EVO

Description The issue is caused by the JET service daemon (jsd) process authenticating the user, then passing configuration operations directly to the management daemon (mgd) process, which runs as root. This allows a network-based, low-privileged authenticated attacker to perform operations as root, leading to complete compromise of the targeted system.

Recommendations For Juniper Networks Junos OS versions prior to 18.4R1-S8, 18.4R2-S8, 18.4R3-S8, update to version 18.4R1-S8, 18.4R2-S8, or 18.4R3-S8 or later. For Juniper Networks Junos OS versions prior to 19.1R2-S3, 19.1R3-S5, update to version 19.1R2-S3 or 19.1R3-S5 or later. For Juniper Networks Junos OS versions prior to 19.2R1-S7, 19.2R3-S2, update to version 19.2R1-S7 or 19.2R3-S2 or later. For Juniper Networks Junos OS versions prior to 19.3R2-S6, 19.3R3-S2, update to version 19.3R2-S6 or 19.3R3-S2 or later. For Juniper Networks Junos OS versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3, update to version 19.4R1-S4, 19.4R2-S4, or 19.4R3-S3 or later. For Juniper Networks Junos OS versions prior to 20.1R2-S2, 20.1R3, update to version 20.1R2-S2 or 20.1R3 or later. For Juniper Networks Junos OS versions prior to 20.2R2-S3, 20.2R3, update to version 20.2R2-S3 or 20.2R3 or later. For Juniper Networks Junos OS versions prior to 20.3R2-S1, 20.3R3, update to version 20.3R2-S1 or 20.3R3 or later. For Juniper Networks Junos OS versions prior to 20.4R2, update to version 20.4R2 or later. For Juniper Networks Junos OS Evolved versions prior to 20.4R2-EVO, update to version 20.4R2-EVO or later. For Juniper Networks Junos OS Evolved 21.1-EVO versions prior to 21.1R2-EVO, update to version 21.1R2-EVO or later.