CVE-2021-31358 : Security Advisory and Response

A command injection vulnerability in sftp command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to bypass configured access protections.

Understanding CVE-2021-31358

This CVE describes a vulnerability in Juniper Networks Junos OS Evolved that enables an attacker to execute arbitrary shell commands with the current user's privileges.

What is CVE-2021-31358?

The vulnerability allows an authenticated attacker to bypass command authorization restrictions and execute shell commands available at the assigned privilege level.

The Impact of CVE-2021-31358

This vulnerability poses a high risk, with a CVSS base score of 7.8, allowing an attacker to execute commands beyond their authorized scope.

Technical Details of CVE-2021-31358

The vulnerability affects Junos OS Evolved versions prior to 20.4R2-S2-EVO, 21.1R2-EVO, and 21.2 versions prior to 21.2R1-S1-EVO, 21.2R2-EVO.

Vulnerability Description

A command injection vulnerability in sftp command processing allows for the execution of arbitrary shell commands.

Affected Systems and Versions

Junos OS Evolved versions impacted include those prior to 20.4R2-S2-EVO, 21.1R2-EVO, and 21.2R1-S1-EVO, 21.2R2-EVO.

Exploitation Mechanism

An attacker with authenticated CLI access can exploit this vulnerability to bypass user command restrictions.

Mitigation and Prevention

Immediate actions include using access lists or firewall filters to restrict CLI access and limiting the 'file copy' command usage to authorized administrators.

Immediate Steps to Take

Limit access to the device via CLI only from trusted hosts and administrators.

Long-Term Security Practices

Regularly update Junos OS Evolved to versions like 20.4R2-S2-EVO, 21.1R2-EVO, 21.2R1-S1-EVO, 21.2R2-EVO, 21.3R1-EVO, or newer.

Patching and Updates

Juniper Networks has released updates to address this vulnerability in the mentioned versions.