CVE-2021-31349

EPSS 0.75%
Published 19.10.2021 19:15:08
Last modified 21.11.2024 06:05:28
Source sirt@juniper.net
Teams watchlist Login
Open Login

The usage of an internal HTTP header created an authentication bypass vulnerability (CWE-287), allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code. This issue affects all Juniper Networks 128 Technology Session Smart Router versions prior to 4.5.11, and all versions of 5.0 up to and including 5.0.1.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Juniper ≫ 128 Technology Session Smart Router Firmware Version < 4.5.11

Juniper ≫ 128 Technology Session Smart Router Version-

Juniper ≫ 128 Technology Session Smart Router Firmware Version >= 5.0.0 <= 5.0.1

Juniper ≫ 128 Technology Session Smart Router Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.75%	0.708

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
sirt@juniper.net	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://kb.juniper.net/JSA11256

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-31349

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-31349

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-31349

EUVD