Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-0246

On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, devices using tenant services on Juniper Networks Junos OS, due to incorrect default permissions assigned to tenant system administrators a tenant system administrator may inadvertently send their network traffic to one or more tenants while concurrently modifying the overall device system traffic management, affecting all tenants and the service provider. Further, a tenant may inadvertently receive traffic from another tenant. This issue affects: Juniper Networks Junos OS 18.3 version 18.3R1 and later versions on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2; 18.3 versions prior to 18.3R3 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2; 18.4 versions prior to 18.4R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3; 19.1 versions prior to 19.1R2 on SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3. This issue does not affect: Juniper Networks Junos OS versions prior to 18.3R1.

Published

2021-04-22T20:15:09.190

Last Modified

2024-11-21T05:42:18.323

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.3 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-276
Type: Primary
CWE-276

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	juniper	junos	18.3	Yes
Operating System	juniper	junos	18.3	Yes
Operating System	juniper	junos	18.3	Yes
Operating System	juniper	junos	18.3	Yes
Operating System	juniper	junos	18.3	Yes
Operating System	juniper	junos	18.3	Yes
Operating System	juniper	junos	18.3	Yes
Operating System	juniper	junos	18.3	Yes
Operating System	juniper	junos	18.3	Yes
Operating System	juniper	junos	18.3	Yes
Operating System	juniper	junos	18.3	Yes
Operating System	juniper	junos	18.3	Yes
Operating System	juniper	junos	18.3	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	18.4	Yes
Operating System	juniper	junos	19.1	Yes
Operating System	juniper	junos	19.1	Yes
Operating System	juniper	junos	19.1	Yes
Operating System	juniper	junos	19.1	Yes
Operating System	juniper	junos	19.1	Yes
Operating System	juniper	junos	19.1	Yes
Operating System	juniper	junos	19.1	Yes
Hardware	juniper	srx1500	-	No
Hardware	juniper	srx4100	-	No
Hardware	juniper	srx4200	-	No
Hardware	juniper	srx4600	-	No
Hardware	juniper	srx5400	-	No
Hardware	juniper	srx5600	-	No
Hardware	juniper	srx5800	-	No

References

https://kb.juniper.net/JSA11139 Vendor Advisory ([email protected])
https://kb.juniper.net/JSA11139 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)