CVE Vulnerabilities

CVE-2021-0255

Execution with Unnecessary Privileges

Published: Apr 22, 2021 | Modified: Nov 21, 2024
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

A local privilege escalation vulnerability in ethtraceroute of Juniper Networks Junos OS may allow a locally authenticated user with shell access to escalate privileges and write to the local filesystem as root. ethtraceroute is shipped with setuid permissions enabled and is owned by the root user, allowing local users to run ethtraceroute with root privileges. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D240; 17.3 versions prior to 17.3R3-S11, 17.4 versions prior to 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S7; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S1.

Weakness

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

Affected Software

Name Vendor Start Version End Version
Junos Juniper 17.3 (including) 17.3 (including)
Junos Juniper 17.3-r1 (including) 17.3-r1 (including)
Junos Juniper 17.3-r1-s1 (including) 17.3-r1-s1 (including)
Junos Juniper 17.3-r1-s4 (including) 17.3-r1-s4 (including)
Junos Juniper 17.3-r2 (including) 17.3-r2 (including)
Junos Juniper 17.3-r2-s1 (including) 17.3-r2-s1 (including)
Junos Juniper 17.3-r2-s2 (including) 17.3-r2-s2 (including)
Junos Juniper 17.3-r2-s3 (including) 17.3-r2-s3 (including)
Junos Juniper 17.3-r2-s4 (including) 17.3-r2-s4 (including)
Junos Juniper 17.3-r2-s5 (including) 17.3-r2-s5 (including)
Junos Juniper 17.3-r3 (including) 17.3-r3 (including)
Junos Juniper 17.3-r3-s1 (including) 17.3-r3-s1 (including)
Junos Juniper 17.3-r3-s10 (including) 17.3-r3-s10 (including)
Junos Juniper 17.3-r3-s11 (including) 17.3-r3-s11 (including)
Junos Juniper 17.3-r3-s2 (including) 17.3-r3-s2 (including)
Junos Juniper 17.3-r3-s3 (including) 17.3-r3-s3 (including)
Junos Juniper 17.3-r3-s4 (including) 17.3-r3-s4 (including)
Junos Juniper 17.3-r3-s5 (including) 17.3-r3-s5 (including)
Junos Juniper 17.3-r3-s6 (including) 17.3-r3-s6 (including)
Junos Juniper 17.3-r3-s7 (including) 17.3-r3-s7 (including)
Junos Juniper 17.3-r3-s8 (including) 17.3-r3-s8 (including)
Junos Juniper 17.3-r3-s9 (including) 17.3-r3-s9 (including)
Junos Juniper 17.4 (including) 17.4 (including)
Junos Juniper 17.4-r1 (including) 17.4-r1 (including)
Junos Juniper 17.4-r1-s1 (including) 17.4-r1-s1 (including)
Junos Juniper 17.4-r1-s2 (including) 17.4-r1-s2 (including)
Junos Juniper 17.4-r1-s3 (including) 17.4-r1-s3 (including)
Junos Juniper 17.4-r1-s4 (including) 17.4-r1-s4 (including)
Junos Juniper 17.4-r1-s5 (including) 17.4-r1-s5 (including)
Junos Juniper 17.4-r1-s6 (including) 17.4-r1-s6 (including)
Junos Juniper 17.4-r1-s7 (including) 17.4-r1-s7 (including)
Junos Juniper 17.4-r2 (including) 17.4-r2 (including)
Junos Juniper 17.4-r2-s1 (including) 17.4-r2-s1 (including)
Junos Juniper 17.4-r2-s10 (including) 17.4-r2-s10 (including)
Junos Juniper 17.4-r2-s11 (including) 17.4-r2-s11 (including)
Junos Juniper 17.4-r2-s12 (including) 17.4-r2-s12 (including)
Junos Juniper 17.4-r2-s2 (including) 17.4-r2-s2 (including)
Junos Juniper 17.4-r2-s3 (including) 17.4-r2-s3 (including)
Junos Juniper 17.4-r2-s4 (including) 17.4-r2-s4 (including)
Junos Juniper 17.4-r2-s5 (including) 17.4-r2-s5 (including)
Junos Juniper 17.4-r2-s6 (including) 17.4-r2-s6 (including)
Junos Juniper 17.4-r2-s7 (including) 17.4-r2-s7 (including)
Junos Juniper 17.4-r2-s8 (including) 17.4-r2-s8 (including)
Junos Juniper 17.4-r2-s9 (including) 17.4-r2-s9 (including)
Junos Juniper 17.4-r3 (including) 17.4-r3 (including)
Junos Juniper 17.4-r3-s1 (including) 17.4-r3-s1 (including)
Junos Juniper 17.4-r3-s2 (including) 17.4-r3-s2 (including)
Junos Juniper 17.4-r3-s3 (including) 17.4-r3-s3 (including)
Junos Juniper 18.1 (including) 18.1 (including)
Junos Juniper 18.1-r1 (including) 18.1-r1 (including)
Junos Juniper 18.1-r2 (including) 18.1-r2 (including)
Junos Juniper 18.1-r2-s1 (including) 18.1-r2-s1 (including)
Junos Juniper 18.1-r2-s2 (including) 18.1-r2-s2 (including)
Junos Juniper 18.1-r2-s4 (including) 18.1-r2-s4 (including)
Junos Juniper 18.1-r3 (including) 18.1-r3 (including)
Junos Juniper 18.1-r3-s1 (including) 18.1-r3-s1 (including)
Junos Juniper 18.1-r3-s10 (including) 18.1-r3-s10 (including)
Junos Juniper 18.1-r3-s11 (including) 18.1-r3-s11 (including)
Junos Juniper 18.1-r3-s2 (including) 18.1-r3-s2 (including)
Junos Juniper 18.1-r3-s3 (including) 18.1-r3-s3 (including)
Junos Juniper 18.1-r3-s4 (including) 18.1-r3-s4 (including)
Junos Juniper 18.1-r3-s5 (including) 18.1-r3-s5 (including)
Junos Juniper 18.1-r3-s6 (including) 18.1-r3-s6 (including)
Junos Juniper 18.1-r3-s7 (including) 18.1-r3-s7 (including)
Junos Juniper 18.1-r3-s8 (including) 18.1-r3-s8 (including)
Junos Juniper 18.1-r3-s9 (including) 18.1-r3-s9 (including)
Junos Juniper 18.2 (including) 18.2 (including)
Junos Juniper 18.2-r1 (including) 18.2-r1 (including)
Junos Juniper 18.2-r1-s2 (including) 18.2-r1-s2 (including)
Junos Juniper 18.2-r1-s3 (including) 18.2-r1-s3 (including)
Junos Juniper 18.2-r1-s4 (including) 18.2-r1-s4 (including)
Junos Juniper 18.2-r1-s5 (including) 18.2-r1-s5 (including)
Junos Juniper 18.2-r2 (including) 18.2-r2 (including)
Junos Juniper 18.2-r2-s1 (including) 18.2-r2-s1 (including)
Junos Juniper 18.2-r2-s2 (including) 18.2-r2-s2 (including)
Junos Juniper 18.2-r2-s3 (including) 18.2-r2-s3 (including)
Junos Juniper 18.2-r2-s4 (including) 18.2-r2-s4 (including)
Junos Juniper 18.2-r2-s5 (including) 18.2-r2-s5 (including)
Junos Juniper 18.2-r2-s6 (including) 18.2-r2-s6 (including)
Junos Juniper 18.2-r2-s7 (including) 18.2-r2-s7 (including)
Junos Juniper 18.2-r3 (including) 18.2-r3 (including)
Junos Juniper 18.2-r3-s1 (including) 18.2-r3-s1 (including)
Junos Juniper 18.2-r3-s2 (including) 18.2-r3-s2 (including)
Junos Juniper 18.2-r3-s3 (including) 18.2-r3-s3 (including)
Junos Juniper 18.2-r3-s4 (including) 18.2-r3-s4 (including)
Junos Juniper 18.2-r3-s5 (including) 18.2-r3-s5 (including)
Junos Juniper 18.2-r3-s6 (including) 18.2-r3-s6 (including)
Junos Juniper 18.3 (including) 18.3 (including)
Junos Juniper 18.3-r1 (including) 18.3-r1 (including)
Junos Juniper 18.3-r1-s1 (including) 18.3-r1-s1 (including)
Junos Juniper 18.3-r1-s2 (including) 18.3-r1-s2 (including)
Junos Juniper 18.3-r1-s3 (including) 18.3-r1-s3 (including)
Junos Juniper 18.3-r1-s4 (including) 18.3-r1-s4 (including)
Junos Juniper 18.3-r1-s5 (including) 18.3-r1-s5 (including)
Junos Juniper 18.3-r1-s6 (including) 18.3-r1-s6 (including)
Junos Juniper 18.3-r2 (including) 18.3-r2 (including)
Junos Juniper 18.3-r2-s1 (including) 18.3-r2-s1 (including)
Junos Juniper 18.3-r2-s2 (including) 18.3-r2-s2 (including)
Junos Juniper 18.3-r2-s3 (including) 18.3-r2-s3 (including)
Junos Juniper 18.3-r2-s4 (including) 18.3-r2-s4 (including)
Junos Juniper 18.3-r3 (including) 18.3-r3 (including)
Junos Juniper 18.3-r3-s1 (including) 18.3-r3-s1 (including)
Junos Juniper 18.3-r3-s2 (including) 18.3-r3-s2 (including)
Junos Juniper 18.3-r3-s3 (including) 18.3-r3-s3 (including)
Junos Juniper 18.4 (including) 18.4 (including)
Junos Juniper 18.4-r1 (including) 18.4-r1 (including)
Junos Juniper 18.4-r1-s1 (including) 18.4-r1-s1 (including)
Junos Juniper 18.4-r1-s2 (including) 18.4-r1-s2 (including)
Junos Juniper 18.4-r1-s3 (including) 18.4-r1-s3 (including)
Junos Juniper 18.4-r1-s4 (including) 18.4-r1-s4 (including)
Junos Juniper 18.4-r1-s5 (including) 18.4-r1-s5 (including)
Junos Juniper 18.4-r1-s6 (including) 18.4-r1-s6 (including)
Junos Juniper 18.4-r1-s7 (including) 18.4-r1-s7 (including)
Junos Juniper 18.4-r2 (including) 18.4-r2 (including)
Junos Juniper 18.4-r2-s1 (including) 18.4-r2-s1 (including)
Junos Juniper 18.4-r2-s2 (including) 18.4-r2-s2 (including)
Junos Juniper 18.4-r2-s3 (including) 18.4-r2-s3 (including)
Junos Juniper 18.4-r2-s4 (including) 18.4-r2-s4 (including)
Junos Juniper 18.4-r2-s5 (including) 18.4-r2-s5 (including)
Junos Juniper 18.4-r2-s6 (including) 18.4-r2-s6 (including)
Junos Juniper 18.4-r3 (including) 18.4-r3 (including)
Junos Juniper 18.4-r3-s1 (including) 18.4-r3-s1 (including)
Junos Juniper 18.4-r3-s2 (including) 18.4-r3-s2 (including)
Junos Juniper 18.4-r3-s3 (including) 18.4-r3-s3 (including)
Junos Juniper 18.4-r3-s4 (including) 18.4-r3-s4 (including)
Junos Juniper 18.4-r3-s5 (including) 18.4-r3-s5 (including)
Junos Juniper 18.4-r3-s6 (including) 18.4-r3-s6 (including)
Junos Juniper 19.1 (including) 19.1 (including)
Junos Juniper 19.1-r1 (including) 19.1-r1 (including)
Junos Juniper 19.1-r1-s1 (including) 19.1-r1-s1 (including)
Junos Juniper 19.1-r1-s2 (including) 19.1-r1-s2 (including)
Junos Juniper 19.1-r1-s3 (including) 19.1-r1-s3 (including)
Junos Juniper 19.1-r1-s4 (including) 19.1-r1-s4 (including)
Junos Juniper 19.1-r1-s5 (including) 19.1-r1-s5 (including)
Junos Juniper 19.1-r2 (including) 19.1-r2 (including)
Junos Juniper 19.1-r2-s1 (including) 19.1-r2-s1 (including)
Junos Juniper 19.1-r3 (including) 19.1-r3 (including)
Junos Juniper 19.1-r3-s1 (including) 19.1-r3-s1 (including)
Junos Juniper 19.1-r3-s2 (including) 19.1-r3-s2 (including)
Junos Juniper 19.1-r3-s3 (including) 19.1-r3-s3 (including)
Junos Juniper 19.2 (including) 19.2 (including)
Junos Juniper 19.2-r1 (including) 19.2-r1 (including)
Junos Juniper 19.2-r1-s1 (including) 19.2-r1-s1 (including)
Junos Juniper 19.2-r1-s2 (including) 19.2-r1-s2 (including)
Junos Juniper 19.2-r1-s3 (including) 19.2-r1-s3 (including)
Junos Juniper 19.2-r1-s4 (including) 19.2-r1-s4 (including)
Junos Juniper 19.2-r1-s5 (including) 19.2-r1-s5 (including)
Junos Juniper 19.2-r2 (including) 19.2-r2 (including)
Junos Juniper 19.2-r2-s1 (including) 19.2-r2-s1 (including)
Junos Juniper 19.2-r3 (including) 19.2-r3 (including)
Junos Juniper 19.2-r3-s1 (including) 19.2-r3-s1 (including)
Junos Juniper 19.3 (including) 19.3 (including)
Junos Juniper 19.3-r1 (including) 19.3-r1 (including)
Junos Juniper 19.3-r1-s1 (including) 19.3-r1-s1 (including)
Junos Juniper 19.3-r2 (including) 19.3-r2 (including)
Junos Juniper 19.3-r2-s1 (including) 19.3-r2-s1 (including)
Junos Juniper 19.3-r2-s2 (including) 19.3-r2-s2 (including)
Junos Juniper 19.3-r2-s3 (including) 19.3-r2-s3 (including)
Junos Juniper 19.3-r2-s4 (including) 19.3-r2-s4 (including)
Junos Juniper 19.3-r2-s5 (including) 19.3-r2-s5 (including)
Junos Juniper 19.3-r3 (including) 19.3-r3 (including)
Junos Juniper 19.4-r1 (including) 19.4-r1 (including)
Junos Juniper 19.4-r1-s1 (including) 19.4-r1-s1 (including)
Junos Juniper 19.4-r1-s2 (including) 19.4-r1-s2 (including)
Junos Juniper 19.4-r2 (including) 19.4-r2 (including)
Junos Juniper 19.4-r2-s1 (including) 19.4-r2-s1 (including)
Junos Juniper 19.4-r2-s2 (including) 19.4-r2-s2 (including)
Junos Juniper 19.4-r3 (including) 19.4-r3 (including)
Junos Juniper 19.4-r3-s1 (including) 19.4-r3-s1 (including)
Junos Juniper 20.1-r1 (including) 20.1-r1 (including)
Junos Juniper 20.1-r1-s1 (including) 20.1-r1-s1 (including)
Junos Juniper 20.1-r1-s2 (including) 20.1-r1-s2 (including)
Junos Juniper 20.1-r1-s3 (including) 20.1-r1-s3 (including)
Junos Juniper 20.1-r1-s4 (including) 20.1-r1-s4 (including)
Junos Juniper 20.2-r1 (including) 20.2-r1 (including)
Junos Juniper 20.2-r1-s1 (including) 20.2-r1-s1 (including)
Junos Juniper 20.2-r1-s2 (including) 20.2-r1-s2 (including)
Junos Juniper 20.2-r1-s3 (including) 20.2-r1-s3 (including)
Junos Juniper 20.2-r2 (including) 20.2-r2 (including)
Junos Juniper 20.3-r1 (including) 20.3-r1 (including)
Junos Juniper 20.4-r1 (including) 20.4-r1 (including)
Junos Juniper 20.4-r1-s1 (including) 20.4-r1-s1 (including)

Extended Description

New weaknesses can be exposed because running with extra privileges, such as root or Administrator, can disable the normal security checks being performed by the operating system or surrounding environment. Other pre-existing weaknesses can turn into security vulnerabilities if they occur while operating at raised privileges. Privilege management functions can behave in some less-than-obvious ways, and they have different quirks on different platforms. These inconsistencies are particularly pronounced if you are transitioning from one non-root user to another. Signal handlers and spawned processes run at the privilege of the owning process, so if a process is running as root when a signal fires or a sub-process is executed, the signal handler or sub-process will operate with root privileges.

Potential Mitigations

References