How severe is CVE-2021-0256?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2021-0256?

This is classified as CWE-250, which is a common weakness in software security.

CVE-2021-0256 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

A sensitive information disclosure vulnerability in the mosquitto message broker of Juniper Networks Junos OS may allow a locally authenticated user with shell access the ability to read portions of sensitive files, such as the master.passwd file. Since mosquitto is shipped with setuid permissions enabled and is owned by the root user, this vulnerability may allow a local privileged user the ability to run mosquitto with root privileges and access sensitive information stored on the local filesystem. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S12, 17.4 versions prior to 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.3 versions prior to 18.3R3-S4; 19.1 versions prior to 19.1R3-S4; 19.3 versions prior to 19.3R3-S1, 19.3R3-S2; 19.4 versions prior to 19.4R2-S3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S3, 20.2R2, 20.2R3.

Related Vulnerabilities

CVE-2018-10872

MEDIUM

CVSS:5.5(Medium)

A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not delive...

CWE-2502018

CVE-2020-7252

MEDIUM

CVSS:5.5(Medium)

Unquoted service executable path in DXL Broker in McAfee Data eXchange Layer (DXL) Framework 6.0.0 and earlier allows local users to cause a denial of service and malicious file execution via carefull...

CWE-2502020

CVE-2023-20217

MEDIUM

CVSS:5.5(Medium)

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges on an affected device. This v...

CWE-2502023

CVE-2025-24814

MEDIUM

CVSS:5.4(Medium)

Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "use...

CWE-2502025

CVE-2023-20210

MEDIUM

CVSS:6.0(Medium)

A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileges to the root user on an affected device. The vulnerability is due to insufficient input validation...

CWE-2502023

CVE-2023-37412

MEDIUM

CVSS:4.9(Medium)

IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls.

CWE-2502023