ID

VAR-202107-0490


CVE

CVE-2021-0279


TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have the RabbitMQ service enabled by default with hardcoded credentials. The messaging services of RabbitMQ are used when coordinating operations and status information among Contrail services. An attacker with access to an administrative service for RabbitMQ (e.g. the GUI) can use these hardcoded credentials to cause a Denial of Service (DoS) or gain access to unspecified sensitive system information. This issue affects Juniper Networks Contrail Cloud releases prior to 13.6.0. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.

Trust: 1.62

sources: NVD: CVE-2021-0279 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-372181 // VULMON: CVE-2021-0279

AFFECTED PRODUCTS

vendor: juniper, model: contrail cloud, scope: lt, version: 13.6

Trust: 1.0

sources: NVD: CVE-2021-0279

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-0279
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2021-0279
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202107-1053
value: HIGH

Trust: 0.6

VULHUB: VHN-372181
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-0279
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-0279
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-372181
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-0279
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 4.2
version: 3.1

Trust: 1.0

sirt@juniper.net: CVE-2021-0279
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.7
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-372181 // VULMON: CVE-2021-0279 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1053 // NVD: CVE-2021-0279 // NVD: CVE-2021-0279

PROBLEMTYPE DATA

problemtype: CWE-798

Trust: 1.1

sources: VULHUB: VHN-372181 // NVD: CVE-2021-0279

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-1053

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

EXTERNAL IDS

db: JUNIPER, id: JSA11183

Trust: 1.8

db: NVD, id: CVE-2021-0279

Trust: 1.8

db: CNNVD, id: CNNVD-202107-1053

Trust: 0.7

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: AUSCERT, id: ESB-2021.2395

Trust: 0.6

db: CS-HELP, id: SB2021072013

Trust: 0.6

db: CNVD, id: CNVD-2021-52395

Trust: 0.1

db: VULHUB, id: VHN-372181

Trust: 0.1

db: VULMON, id: CVE-2021-0279

Trust: 0.1

sources: VULHUB: VHN-372181 // VULMON: CVE-2021-0279 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1053 // NVD: CVE-2021-0279

REFERENCES

url: https://kb.juniper.net/jsa11183

Trust: 1.8

url: https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2021.2395

Trust: 0.6

url: https://nvd.nist.gov/vuln/detail/cve-2021-0279

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021072013

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/798.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-372181 // VULMON: CVE-2021-0279 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1053 // NVD: CVE-2021-0279

SOURCES

db: VULHUB, id: VHN-372181
db: VULMON, id: CVE-2021-0279
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202107-1053
db: NVD, id: CVE-2021-0279

LAST UPDATE DATE

2024-08-14T12:17:44.992000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-372181, date: 2021-07-27T00:00:00
db: VULMON, id: CVE-2021-0279, date: 2021-07-27T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202107-1053, date: 2021-08-25T00:00:00
db: NVD, id: CVE-2021-0279, date: 2021-07-27T18:50:01.900

SOURCES RELEASE DATE

db: VULHUB, id: VHN-372181, date: 2021-07-15T00:00:00
db: VULMON, id: CVE-2021-0279, date: 2021-07-15T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202107-1053, date: 2021-07-15T00:00:00
db: NVD, id: CVE-2021-0279, date: 2021-07-15T20:15:09.543