CVE-2021-0212 - Vulnerability Details - OpenCVE

An Information Exposure vulnerability in Juniper Networks Contrail Networking allows a locally authenticated attacker able to read files to retrieve administrator credentials stored in plaintext thereby elevating their privileges over the system. This issue affects: Juniper Networks Contrail Networking versions prior to 1911.31.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00037.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Juniper Networks

Contrail Networking

affected

Version	Status	Constraints
`unspecified`	affected	< 1911.31

Configuration 1 [-]

cpe:2.3:a:juniper:contrail_networking:*:*:*:*:*:*:*:*

No data.

No data.

Subscriptions

Vendors	Products
Juniper Subscribe	Contrail Networking Subscribe

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2021-2831	An Information Exposure vulnerability in Juniper Networks Contrail Networking allows a locally authenticated attacker able to read files to retrieve administrator credentials stored in plaintext thereby elevating their privileges over the system. This issue affects: Juniper Networks Contrail Networking versions prior to 1911.31.

Fixes

Solution

The following software releases have been updated to resolve this specific issue: Contrail Networking 1911.31 and subsequent releases.

Workaround

There are no known workarounds for this issue.

References

Link	Providers
https://kb.juniper.net/JSA11102

History

No history.

MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2021-01-15T17:35:58.157Z

Updated: 2024-09-16T23:21:32.562Z

Reserved: 2020-10-27T00:00:00.000Z

Link: CVE-2021-0212

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-01-15T18:15:15.260

Modified: 2024-11-21T05:42:13.077

Link: CVE-2021-0212

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

{"containers": {"cna": {"affected": [{"product": "Contrail Networking", "vendor": "Juniper Networks", "versions": [{"lessThan": "1911.31", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-01-13T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "An Information Exposure vulnerability in Juniper Networks Contrail Networking allows a locally authenticated attacker able to read files to retrieve administrator credentials stored in plaintext thereby elevating their privileges over the system. This issue affects: Juniper Networks Contrail Networking versions prior to 1911.31."}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Information Exposure", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-01-15T17:35:58.000Z", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.juniper.net/JSA11102"}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: Contrail Networking 1911.31 and subsequent releases."}], "source": {"advisory": "JSA11102", "defect": ["CEM-9032"], "discovery": "USER"}, "title": "Contrail Networking: Administrator credentials are exposed in a plaintext file", "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2021-01-13T17:00:00.000Z", "ID": "CVE-2021-0212", "STATE": "PUBLIC", "TITLE": "Contrail Networking: Administrator credentials are exposed in a plaintext file"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Contrail Networking", "version": {"version_data": [{"version_affected": "<", "version_value": "1911.31"}]}}]}, "vendor_name": "Juniper Networks"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An Information Exposure vulnerability in Juniper Networks Contrail Networking allows a locally authenticated attacker able to read files to retrieve administrator credentials stored in plaintext thereby elevating their privileges over the system. This issue affects: Juniper Networks Contrail Networking versions prior to 1911.31."}]}, "exploit": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200 Information Exposure"}]}]}, "references": {"reference_data": [{"name": "https://kb.juniper.net/JSA11102", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA11102"}]}, "solution": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: Contrail Networking 1911.31 and subsequent releases."}], "source": {"advisory": "JSA11102", "defect": ["CEM-9032"], "discovery": "USER"}, "work_around": [{"lang": "en", "value": "There are no known workarounds for this issue."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:32:10.101Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.juniper.net/JSA11102"}]}]}, "cveMetadata": {"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2021-0212", "datePublished": "2021-01-15T17:35:58.157Z", "dateReserved": "2020-10-27T00:00:00.000Z", "dateUpdated": "2024-09-16T23:21:32.562Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:juniper:contrail_networking:*:*:*:*:*:*:*:*", "matchCriteriaId": "9BB51C8D-545B-4F05-ACC2-108CB90B26BA", "versionEndExcluding": "1911.31", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An Information Exposure vulnerability in Juniper Networks Contrail Networking allows a locally authenticated attacker able to read files to retrieve administrator credentials stored in plaintext thereby elevating their privileges over the system. This issue affects: Juniper Networks Contrail Networking versions prior to 1911.31."}, {"lang": "es", "value": "Una vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n en Juniper Networks Contrail Networking, permite a un atacante autenticado localmente sea capaz de leer archivos para recuperar las credenciales de administrador almacenadas en texto plano, elevando as\u00ed sus privilegios sobre el sistema. Este problema afecta: Juniper Networks Contrail Networking versiones anteriores a 1911.31"}], "id": "CVE-2021-0212", "lastModified": "2024-11-21T05:42:13.077", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2021-01-15T18:15:15.260", "references": [{"source": "sirt@juniper.net", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA11102"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA11102"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "sirt@juniper.net", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}