CVE-2021-31357— Juniper Networks Junos OS 操作系统命令注入漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2021-31357の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Junos OS Evolved: shell-injection vulnerabilities in evo_tcpdump UI wrapper script
ソース: NVD (National Vulnerability Database)
脆弱性説明
A command injection vulnerability in tcpdump command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an attacker to bypass command authorization restrictions assigned to their specific user account and execute commands that are available to the privilege level for which the user is assigned. For example, a user that is in the super-user login class, but restricted to executing specific CLI commands could exploit the vulnerability to execute any other command available to an unrestricted admin user. This vulnerability does not increase the privilege level of the user, but rather bypasses any CLI command restrictions by allowing full access to the shell. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-S2-EVO; 21.1 versions prior to 21.1R2-EVO; 21.2 versions prior to 21.2R1-S1-EVO, 21.2R2-EVO.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
在命令中使用的特殊元素转义处理不恰当(命令注入)
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Juniper Networks Junos OS 操作系统命令注入漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Juniper Networks Junos OS是美国瞻博网络(Juniper Networks)公司的一套专用于该公司的硬件设备的网络操作系统。该操作系统提供了安全编程接口和Junos SDK。 Juniper Networks Junos OS 存在操作系统命令注入漏洞,该漏洞源于Juniper Networks Junos OS Evolved 上的 tcpdump 命令处理中的命令注入漏洞允许具有经过身份验证的 CLI 访问的攻击者能够绕过配置的访问保护在当前用户的上下文中执行任意 shell
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved | unspecified ~ 20.3R2-S1-EVO | - |
II. CVE-2021-31357の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2021-31357のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · Juniper Networks · 2021-10-19 · 42 CVEs total
| CVE-2021-31349 | 9.8 CRITICAL | Session Smart Router: Authentication Bypass Vulnerability |
| CVE-2021-31385 | 8.8 HIGH | Junos OS: J-Web: A path traversal vulnerability allows an authenticated attacker to elevat |
| CVE-2021-31372 | 8.8 HIGH | Junos OS: J-Web allows a locally authenticated attacker to escalate their privileges to ro |
| CVE-2021-31355 | 8.0 HIGH | Junos OS: Stored Cross-Site Scripting (XSS) vulnerability in captive portal |
| CVE-2021-31373 | 8.0 HIGH | Junos OS: SRX Series: Persistent XSS vulnerability in J-Web |
| CVE-2021-31356 | 7.8 HIGH | Junos OS Evolved: Multiple shell-injection vulnerabilities in EVO UI wrapper scripts |
| CVE-2021-31358 | 7.8 HIGH | Junos OS Evolved: shell-injection vulnerabilities in evo_sftp UI wrapper script |
| CVE-2021-31359 | 7.8 HIGH | Junos OS and Junos OS Evolved: Local Privilege Escalation vulnerability |
| CVE-2021-31350 | 7.5 HIGH | Junos OS and Junos OS Evolved: Privilege escalation vulnerability in Juniper Extension Too |
| CVE-2021-31351 | 7.5 HIGH | Junos OS: MX Series: Receipt of specific packet on MS-MPC/MS-MIC causes line card reset |
| CVE-2021-31379 | 7.5 HIGH | Junos OS: MX Series: MPC 7/8/9/10/11 cards with MAP-E: PFE halts when an attacker sends ma |
| CVE-2021-31353 | 7.5 HIGH | Junos OS and Junos OS Evolved: RPD core upon receipt of specific BGP update |
| CVE-2021-31376 | 7.5 HIGH | Junos OS: ACX Series: Packet Forwarding Engine manager (FXPC) process crashes when process |
| CVE-2021-31374 | 7.5 HIGH | Junos OS and Junos OS Evolved: RPD crash while processing a specially crafted BGP UPDATE o |
| CVE-2021-31383 | 7.5 HIGH | Junos OS and Junos OS Evolved: In Point to MultiPoint (P2MP) scenarios receipt of various |
| CVE-2021-0299 | 7.5 HIGH | Junos OS: Kernel crash (vmcore) upon receipt of a malformed IPv6 packet |
| CVE-2021-31368 | 7.5 HIGH | Junos OS: EX2300 Series, EX3400 Series, and ACX710 might become unresponsive if the out-of |
| CVE-2021-0296 | 7.4 HIGH | CTPView: HSTS not being enforced on CTPView server. |
| CVE-2021-31384 | 7.2 HIGH | Junos OS: SRX Series: Under a specific device configuration an attacker can access the dev |
| CVE-2021-31375 | 7.2 HIGH | Junos OS: Receipt of a specific BGP update may cause RPKI policy-checks to be bypassed |
Showing 20 of 42 CVEs. View all on vendor page →
IV. 関連脆弱性
同じ製品: Junos OS Evolved
- CVE-2026-33783
Junos OS Evolved: PTX Series: If SRTE tunnels provisioned vi - CVE-2026-33788
Junos OS Evolved: Local, authenticated attacker can gain pri - CVE-2025-59969
Junos OS Evolved: QFX5000 Series and PTX Series: An attacker - CVE-2026-21902
Junos OS Evolved: PTX Series: A vulnerability allows a unaut - CVE-2026-21911
Junos OS Evolved: Flapping management interface causes MAC l
同じベンダー: Juniper Networks
- CVE-2026-33791
Junos OS and Junos OS Evolved: Execution of crafted CLI comm - CVE-2026-33790
Junos OS: SRX Series: In a NAT64 configuration, receipt of a - CVE-2026-33787
Junos OS: SRX1500, SRX4100, SRX4200, SRX4600: When a specifi - CVE-2026-33785
Junos OS: MX Series: Missing Authorization for specific 'req - CVE-2026-33784
JSI Virtual Lightweight Collector: Default password is not r
同じ弱点: CWE-77
- CVE-2026-8210
aandrew-me tgpt Update helper.go helper.Update command injec - CVE-2026-42258
net-imap: Command Injection via unvalidated Symbol inputs - CVE-2026-42453
Termix: Command injection in extractArchive/compressFiles vi - CVE-2026-42271
LiteLLM: Authenticated command execution via MCP stdio test - CVE-2026-41500
electerm has Command Injection Vulnerability via runMac func
V. CVE-2021-31357へのコメント
まだコメントはありません