CVE-2021-0255 - Vulnerability Details

A local privilege escalation vulnerability in ethtraceroute of Juniper Networks Junos OS may allow a locally authenticated user with shell access to escalate privileges and write to the local filesystem as root. ethtraceroute is shipped with setuid permissions enabled and is owned by the root user, allowing local users to run ethtraceroute with root privileges. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D240; 17.3 versions prior to 17.3R3-S11, 17.4 versions prior to 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S7; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S1.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00021.

Key SSVC decision points have not yet been added.

Vendors	Products
Juniper	Junos

Configuration 1 [-]

OR	cpe:2.3:o:juniper:junos:17.3:-::::::
	cpe:2.3:o:juniper:junos:17.3:r1::::::
	cpe:2.3:o:juniper:junos:17.3:r1-s1::::::
	cpe:2.3:o:juniper:junos:17.3:r1-s4::::::
	cpe:2.3:o:juniper:junos:17.3:r2::::::
	cpe:2.3:o:juniper:junos:17.3:r2-s1::::::
	cpe:2.3:o:juniper:junos:17.3:r2-s2::::::
	cpe:2.3:o:juniper:junos:17.3:r2-s3::::::
	cpe:2.3:o:juniper:junos:17.3:r2-s4::::::
	cpe:2.3:o:juniper:junos:17.3:r2-s5::::::
	cpe:2.3:o:juniper:junos:17.3:r3::::::
	cpe:2.3:o:juniper:junos:17.3:r3:-:::::*
	cpe:2.3:o:juniper:junos:17.3:r3-s1::::::
	cpe:2.3:o:juniper:junos:17.3:r3-s10::::::
	cpe:2.3:o:juniper:junos:17.3:r3-s11::::::
	cpe:2.3:o:juniper:junos:17.3:r3-s2::::::
	cpe:2.3:o:juniper:junos:17.3:r3-s3::::::
	cpe:2.3:o:juniper:junos:17.3:r3-s4::::::
	cpe:2.3:o:juniper:junos:17.3:r3-s5::::::
	cpe:2.3:o:juniper:junos:17.3:r3-s6::::::
	cpe:2.3:o:juniper:junos:17.3:r3-s7::::::
	cpe:2.3:o:juniper:junos:17.3:r3-s8::::::
	cpe:2.3:o:juniper:junos:17.3:r3-s9::::::
	cpe:2.3:o:juniper:junos:17.4:-::::::
	cpe:2.3:o:juniper:junos:17.4:r1::::::
	cpe:2.3:o:juniper:junos:17.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:17.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:17.4:r1-s3::::::
	cpe:2.3:o:juniper:junos:17.4:r1-s4::::::
	cpe:2.3:o:juniper:junos:17.4:r1-s5::::::
	cpe:2.3:o:juniper:junos:17.4:r1-s6::::::
	cpe:2.3:o:juniper:junos:17.4:r1-s7::::::
	cpe:2.3:o:juniper:junos:17.4:r2::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s10::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s11::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s12::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s2::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s3::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s4::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s5::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s6::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s7::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s8::::::
	cpe:2.3:o:juniper:junos:17.4:r2-s9::::::
	cpe:2.3:o:juniper:junos:17.4:r3::::::
	cpe:2.3:o:juniper:junos:17.4:r3-s1::::::
	cpe:2.3:o:juniper:junos:17.4:r3-s2::::::
	cpe:2.3:o:juniper:junos:17.4:r3-s3::::::
	cpe:2.3:o:juniper:junos:18.1:-::::::
	cpe:2.3:o:juniper:junos:18.1:r1::::::
	cpe:2.3:o:juniper:junos:18.1:r2::::::
	cpe:2.3:o:juniper:junos:18.1:r2-s1::::::
	cpe:2.3:o:juniper:junos:18.1:r2-s2::::::
	cpe:2.3:o:juniper:junos:18.1:r2-s4::::::
	cpe:2.3:o:juniper:junos:18.1:r3::::::
	cpe:2.3:o:juniper:junos:18.1:r3-s1::::::
	cpe:2.3:o:juniper:junos:18.1:r3-s10::::::
	cpe:2.3:o:juniper:junos:18.1:r3-s11::::::
	cpe:2.3:o:juniper:junos:18.1:r3-s2::::::
	cpe:2.3:o:juniper:junos:18.1:r3-s3::::::
	cpe:2.3:o:juniper:junos:18.1:r3-s4::::::
	cpe:2.3:o:juniper:junos:18.1:r3-s5::::::
	cpe:2.3:o:juniper:junos:18.1:r3-s6::::::
cpe:2.3:o:juniper:junos:18.1:r3-s7::::::
cpe:2.3:o:juniper:junos:18.1:r3-s8::::::
cpe:2.3:o:juniper:junos:18.1:r3-s9::::::
cpe:2.3:o:juniper:junos:18.2:-::::::
cpe:2.3:o:juniper:junos:18.2:r1::::::
cpe:2.3:o:juniper:junos:18.2:r1-s2::::::
cpe:2.3:o:juniper:junos:18.2:r1-s3::::::
cpe:2.3:o:juniper:junos:18.2:r1-s4::::::
cpe:2.3:o:juniper:junos:18.2:r1-s5::::::
cpe:2.3:o:juniper:junos:18.2:r2::::::
cpe:2.3:o:juniper:junos:18.2:r2-s1::::::
cpe:2.3:o:juniper:junos:18.2:r2-s2::::::
cpe:2.3:o:juniper:junos:18.2:r2-s3::::::
cpe:2.3:o:juniper:junos:18.2:r2-s4::::::
cpe:2.3:o:juniper:junos:18.2:r2-s5::::::
cpe:2.3:o:juniper:junos:18.2:r2-s6::::::
cpe:2.3:o:juniper:junos:18.2:r2-s7::::::
cpe:2.3:o:juniper:junos:18.2:r3::::::
cpe:2.3:o:juniper:junos:18.2:r3-s1::::::
cpe:2.3:o:juniper:junos:18.2:r3-s2::::::
cpe:2.3:o:juniper:junos:18.2:r3-s3::::::
cpe:2.3:o:juniper:junos:18.2:r3-s4::::::
cpe:2.3:o:juniper:junos:18.2:r3-s5::::::
cpe:2.3:o:juniper:junos:18.2:r3-s6::::::
cpe:2.3:o:juniper:junos:18.3:-::::::
cpe:2.3:o:juniper:junos:18.3:r1::::::
cpe:2.3:o:juniper:junos:18.3:r1-s1::::::
cpe:2.3:o:juniper:junos:18.3:r1-s2::::::
cpe:2.3:o:juniper:junos:18.3:r1-s3::::::
cpe:2.3:o:juniper:junos:18.3:r1-s4::::::
cpe:2.3:o:juniper:junos:18.3:r1-s5::::::
cpe:2.3:o:juniper:junos:18.3:r1-s6::::::
cpe:2.3:o:juniper:junos:18.3:r2::::::
cpe:2.3:o:juniper:junos:18.3:r2-s1::::::
cpe:2.3:o:juniper:junos:18.3:r2-s2::::::
cpe:2.3:o:juniper:junos:18.3:r2-s3::::::
cpe:2.3:o:juniper:junos:18.3:r2-s4::::::
cpe:2.3:o:juniper:junos:18.3:r3::::::
cpe:2.3:o:juniper:junos:18.3:r3-s1::::::
cpe:2.3:o:juniper:junos:18.3:r3-s2::::::
cpe:2.3:o:juniper:junos:18.3:r3-s3::::::
cpe:2.3:o:juniper:junos:18.4:-::::::
cpe:2.3:o:juniper:junos:18.4:r1::::::
cpe:2.3:o:juniper:junos:18.4:r1-s1::::::
cpe:2.3:o:juniper:junos:18.4:r1-s2::::::
cpe:2.3:o:juniper:junos:18.4:r1-s3::::::
cpe:2.3:o:juniper:junos:18.4:r1-s4::::::
cpe:2.3:o:juniper:junos:18.4:r1-s5::::::
cpe:2.3:o:juniper:junos:18.4:r1-s6::::::
cpe:2.3:o:juniper:junos:18.4:r1-s7::::::
cpe:2.3:o:juniper:junos:18.4:r2::::::
cpe:2.3:o:juniper:junos:18.4:r2-s1::::::
cpe:2.3:o:juniper:junos:18.4:r2-s2::::::
cpe:2.3:o:juniper:junos:18.4:r2-s3::::::
cpe:2.3:o:juniper:junos:18.4:r2-s4::::::
cpe:2.3:o:juniper:junos:18.4:r2-s5::::::
cpe:2.3:o:juniper:junos:18.4:r2-s6::::::
cpe:2.3:o:juniper:junos:18.4:r3::::::
cpe:2.3:o:juniper:junos:18.4:r3-s1::::::
cpe:2.3:o:juniper:junos:18.4:r3-s2::::::
cpe:2.3:o:juniper:junos:18.4:r3-s3::::::
cpe:2.3:o:juniper:junos:18.4:r3-s4::::::
cpe:2.3:o:juniper:junos:18.4:r3-s5::::::
cpe:2.3:o:juniper:junos:18.4:r3-s6::::::
cpe:2.3:o:juniper:junos:19.1:-::::::
cpe:2.3:o:juniper:junos:19.1:r1::::::
cpe:2.3:o:juniper:junos:19.1:r1-s1::::::
cpe:2.3:o:juniper:junos:19.1:r1-s2::::::
cpe:2.3:o:juniper:junos:19.1:r1-s3::::::
cpe:2.3:o:juniper:junos:19.1:r1-s4::::::
cpe:2.3:o:juniper:junos:19.1:r1-s5::::::
cpe:2.3:o:juniper:junos:19.1:r2::::::
cpe:2.3:o:juniper:junos:19.1:r2-s1::::::
cpe:2.3:o:juniper:junos:19.1:r3::::::
cpe:2.3:o:juniper:junos:19.1:r3-s1::::::
cpe:2.3:o:juniper:junos:19.1:r3-s2::::::
cpe:2.3:o:juniper:junos:19.1:r3-s3::::::
cpe:2.3:o:juniper:junos:19.2:-::::::
cpe:2.3:o:juniper:junos:19.2:r1::::::
cpe:2.3:o:juniper:junos:19.2:r1-s1::::::
cpe:2.3:o:juniper:junos:19.2:r1-s2::::::
cpe:2.3:o:juniper:junos:19.2:r1-s3::::::
cpe:2.3:o:juniper:junos:19.2:r1-s4::::::
cpe:2.3:o:juniper:junos:19.2:r1-s5::::::
cpe:2.3:o:juniper:junos:19.2:r2::::::
cpe:2.3:o:juniper:junos:19.2:r2-s1::::::
cpe:2.3:o:juniper:junos:19.2:r3::::::
cpe:2.3:o:juniper:junos:19.2:r3-s1::::::
cpe:2.3:o:juniper:junos:19.3:-::::::
cpe:2.3:o:juniper:junos:19.3:r1::::::
cpe:2.3:o:juniper:junos:19.3:r1-s1::::::
cpe:2.3:o:juniper:junos:19.3:r2::::::
cpe:2.3:o:juniper:junos:19.3:r2-s1::::::
cpe:2.3:o:juniper:junos:19.3:r2-s2::::::
cpe:2.3:o:juniper:junos:19.3:r2-s3::::::
cpe:2.3:o:juniper:junos:19.3:r2-s4::::::
cpe:2.3:o:juniper:junos:19.3:r2-s5::::::
cpe:2.3:o:juniper:junos:19.3:r3::::::
cpe:2.3:o:juniper:junos:19.4:r1::::::
cpe:2.3:o:juniper:junos:19.4:r1-s1::::::
cpe:2.3:o:juniper:junos:19.4:r1-s2::::::
cpe:2.3:o:juniper:junos:19.4:r2::::::
cpe:2.3:o:juniper:junos:19.4:r2-s1::::::
cpe:2.3:o:juniper:junos:19.4:r2-s2::::::
cpe:2.3:o:juniper:junos:19.4:r3::::::
cpe:2.3:o:juniper:junos:19.4:r3-s1::::::
cpe:2.3:o:juniper:junos:20.1:r1::::::
cpe:2.3:o:juniper:junos:20.1:r1-s1::::::
cpe:2.3:o:juniper:junos:20.1:r1-s2::::::
cpe:2.3:o:juniper:junos:20.1:r1-s3::::::
cpe:2.3:o:juniper:junos:20.1:r1-s4::::::
cpe:2.3:o:juniper:junos:20.2:r1::::::
cpe:2.3:o:juniper:junos:20.2:r1-s1::::::
cpe:2.3:o:juniper:junos:20.2:r1-s2::::::
cpe:2.3:o:juniper:junos:20.2:r1-s3::::::
cpe:2.3:o:juniper:junos:20.2:r2::::::
cpe:2.3:o:juniper:junos:20.3:r1::::::
cpe:2.3:o:juniper:junos:20.4:r1::::::
cpe:2.3:o:juniper:junos:20.4:r1-s1::::::

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2021-2874	A local privilege escalation vulnerability in ethtraceroute of Juniper Networks Junos OS may allow a locally authenticated user with shell access to escalate privileges and write to the local filesystem as root. ethtraceroute is shipped with setuid permissions enabled and is owned by the root user, allowing local users to run ethtraceroute with root privileges. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D240; 17.3 versions prior to 17.3R3-S11, 17.4 versions prior to 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S7; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S1.

Fixes

Solution

The following software releases have been updated to resolve this specific issue: Junos OS 15.1X49-D240, 17.3R3-S11, 17.4R3-S4, 18.1R3-S12, 18.2R3-S7, 18.4R2-S7, 19.1R1-S6, 19.1R2-S2, 19.1R3-S4, 19.3R3-S2, 19.4R3-S1, 20.1R2, 20.1R3, 20.2R2-S1, 20.2R3, 20.3R1-S1, 21.1R1, and all subsequent releases. As a proactive measure to tighten the security of other Ethernet OAM utilities, setuid was also removed from other binaries, including ethping, ethdm, ethslm and ethlm.

Workaround

To reduce the risk of malicious exploitation, use access lists or firewall filters to limit CLI access to the device only from trusted, administrative networks or hosts. Additionally, limit access to the Junos OS shell to only trusted system administrators.

References

Link	Providers
https://kb.juniper.net/JSA11175

History

No history.

MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2021-04-22T19:37:16.105692Z

Updated: 2024-09-16T17:43:04.277Z

Reserved: 2020-10-27T00:00:00

Link: CVE-2021-0255

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-04-22T20:15:09.493

Modified: 2024-11-21T05:42:19.703

Link: CVE-2021-0255

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object