{"containers": {"cna": {"affected": [{"product": "Contrail Insights", "vendor": "Juniper Networks", "versions": [{"lessThan": "3.1.22, 3.2.14, 3.3.0", "status": "affected", "version": "3", "versionType": "custom"}]}], "datePublic": "2021-04-14T00:00:00", "descriptions": [{"lang": "en", "value": "An unvalidated REST API in the AppFormix Agent of Juniper Networks AppFormix allows an unauthenticated remote attacker to execute commands as root on the host running the AppFormix Agent, when certain preconditions are performed by the attacker, thus granting the attacker full control over the environment. This issue affects: Juniper Networks AppFormix 3 versions prior to 3.1.22, 3.2.14, 3.3.0."}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Remote Command Execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-04-22T19:37:22", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://kb.juniper.net/JSA11156"}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: AppFormix 3.1.22, 3.2.14, 3.3.0, and all subsequent releases."}], "source": {"advisory": "JSA11156", "defect": ["AP-1330"], "discovery": "USER"}, "title": "Contrail Insights: The REST API implementation allows an unauthenticated remote attacker to execute commands as root.", "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2021-04-14T16:00:00.000Z", "ID": "CVE-2021-0265", "STATE": "PUBLIC", "TITLE": "Contrail Insights: The REST API implementation allows an unauthenticated remote attacker to execute commands as root."}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Contrail Insights", "version": {"version_data": [{"version_affected": "<", "version_name": "3", "version_value": "3.1.22, 3.2.14, 3.3.0"}]}}]}, "vendor_name": "Juniper Networks"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An unvalidated REST API in the AppFormix Agent of Juniper Networks AppFormix allows an unauthenticated remote attacker to execute commands as root on the host running the AppFormix Agent, when certain preconditions are performed by the attacker, thus granting the attacker full control over the environment. This issue affects: Juniper Networks AppFormix 3 versions prior to 3.1.22, 3.2.14, 3.3.0."}]}, "exploit": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote Command Execution"}]}]}, "references": {"reference_data": [{"name": "https://kb.juniper.net/JSA11156", "refsource": "MISC", "url": "https://kb.juniper.net/JSA11156"}]}, "solution": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: AppFormix 3.1.22, 3.2.14, 3.3.0, and all subsequent releases."}], "source": {"advisory": "JSA11156", "defect": ["AP-1330"], "discovery": "USER"}, "work_around": [{"lang": "en", "value": "There are no known workarounds for this issue."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:32:10.475Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://kb.juniper.net/JSA11156"}]}]}, "cveMetadata": {"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2021-0265", "datePublished": "2021-04-22T19:37:22.989145Z", "dateReserved": "2020-10-27T00:00:00", "dateUpdated": "2024-09-16T18:19:35.199Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:juniper:appformix:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5F34E62-DBBD-4795-A80B-2D08AA8F5AF2", "versionEndExcluding": "3.1.22", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:juniper:appformix:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF1AF84C-C7F2-437D-9F01-357DE30863CE", "versionEndExcluding": "3.2.14", "versionStartIncluding": "3.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An unvalidated REST API in the AppFormix Agent of Juniper Networks AppFormix allows an unauthenticated remote attacker to execute commands as root on the host running the AppFormix Agent, when certain preconditions are performed by the attacker, thus granting the attacker full control over the environment. This issue affects: Juniper Networks AppFormix 3 versions prior to 3.1.22, 3.2.14, 3.3.0."}, {"lang": "es", "value": "Una API REST no comprobada en AppFormix Agent de Juniper Networks AppFormix, permite a un atacante remoto no autenticado ejecutar comandos como root en el host que ejecuta AppFormix Agent, cuando determinadas condiciones previas son llevadas a cabo por el atacante, lo que le otorga al atacante control total sobre el entorno. Este problema afecta a: Juniper Networks AppFormix versiones 3 anteriores a 3.1.22, 3.2.14, 3.3.0"}], "id": "CVE-2021-0265", "lastModified": "2024-11-21T05:42:21.320", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2021-04-22T20:15:09.843", "references": [{"source": "sirt@juniper.net", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA11156"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA11156"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}