ID

VAR-202104-0548


CVE

CVE-2021-0265


TITLE

Juniper Networks AppFormix Overview Operating system command injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-1662

DESCRIPTION

An unvalidated REST API in the AppFormix Agent of Juniper Networks AppFormix allows an unauthenticated remote attacker to execute commands as root on the host running the AppFormix Agent, when certain preconditions are performed by the attacker, thus granting the attacker full control over the environment. This issue affects: Juniper Networks AppFormix 3 versions prior to 3.1.22, 3.2.14, 3.3.0. Operators for software-defined data centers can use one toolset to view operational performance and infrastructure resources. Juniper Networks AppFormix Overview contains a security vulnerability that could allow an attacker to gain complete control of the environment.

Trust: 1.08

sources: NVD: CVE-2021-0265 // VULHUB: VHN-372167 // VULMON: CVE-2021-0265

AFFECTED PRODUCTS

vendor: juniper // model: appformix // scope: gte // version: 3.2.0

Trust: 1.0

vendor: juniper // model: appformix // scope: lt // version: 3.1.22

Trust: 1.0

vendor: juniper // model: appformix // scope: lt // version: 3.2.14

Trust: 1.0

vendor: juniper // model: appformix // scope: gte // version: 3.0.0

Trust: 1.0

sources: NVD: CVE-2021-0265

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-0265
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2021-0265
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202104-1662
value: HIGH

Trust: 0.6

VULHUB: VHN-372167
value: HIGH

Trust: 0.1

VULMON: CVE-2021-0265
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-0265
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-372167
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sirt@juniper.net: CVE-2021-0265
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-372167 // VULMON: CVE-2021-0265 // CNNVD: CNNVD-202104-1662 // NVD: CVE-2021-0265 // NVD: CVE-2021-0265

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

sources: VULHUB: VHN-372167 // NVD: CVE-2021-0265

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-1662

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202104-1662

PATCH

title: Juniper Networks AppFormix Overview Fixes for operating system command injection vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151768

Trust: 0.6

sources: CNNVD: CNNVD-202104-1662

EXTERNAL IDS

db: NVD // id: CVE-2021-0265

Trust: 1.8

db: JUNIPER // id: JSA11156

Trust: 1.8

db: CNNVD // id: CNNVD-202104-1662

Trust: 0.7

db: VULHUB // id: VHN-372167

Trust: 0.1

db: VULMON // id: CVE-2021-0265

Trust: 0.1

sources: VULHUB: VHN-372167 // VULMON: CVE-2021-0265 // CNNVD: CNNVD-202104-1662 // NVD: CVE-2021-0265

REFERENCES

url:https://kb.juniper.net/jsa11156

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-0265

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-372167 // VULMON: CVE-2021-0265 // CNNVD: CNNVD-202104-1662 // NVD: CVE-2021-0265

SOURCES

db: VULHUB // id: VHN-372167
db: VULMON // id: CVE-2021-0265
db: CNNVD // id: CNNVD-202104-1662
db: NVD // id: CVE-2021-0265

LAST UPDATE DATE

2024-11-23T22:37:02.610000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-372167 // date: 2021-05-04T00:00:00
db: VULMON // id: CVE-2021-0265 // date: 2021-05-04T00:00:00
db: CNNVD // id: CNNVD-202104-1662 // date: 2021-05-28T00:00:00
db: NVD // id: CVE-2021-0265 // date: 2024-11-21T05:42:21.320

SOURCES RELEASE DATE

db: VULHUB // id: VHN-372167 // date: 2021-04-22T00:00:00
db: VULMON // id: CVE-2021-0265 // date: 2021-04-22T00:00:00
db: CNNVD // id: CNNVD-202104-1662 // date: 2021-04-22T00:00:00
db: NVD // id: CVE-2021-0265 // date: 2021-04-22T20:15:09.843