CVE-2021-0212

Published: Jan 15, 2021Modified: Nov 21, 2024

5.0

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.3 / Impact: 3.6

Source: sirt@juniper.net (Secondary)

Description

An Information Exposure vulnerability in Juniper Networks Contrail Networking allows a locally authenticated attacker able to read files to retrieve administrator credentials stored in plaintext thereby elevating their privileges over the system. This issue affects: Juniper Networks Contrail Networking versions prior to 1911.31.

Affected (1)

Products: Juniper: Contrail Networking

1 product

Contrail Networking

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Juniper Contrail Networking	Before 1911.31

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://kb.juniper.net/JSA11102

Source: sirt@juniper.net

Vendor Advisory

https://kb.juniper.net/JSA11102

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.