8.5
CVE-2025-11198
- EPSS 0.07%
- Veröffentlicht 09.10.2025 15:39:28
- Zuletzt bearbeitet 26.01.2026 18:29:28
- Quelle sirt@juniper.net
- CVE-Watchlists
- Unerledigt
LoginA Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones. If a trusted user initiates deployment, Security Director Policy Enforcer will deliver the attacker's uploaded image to VMware NSX instead of a legitimate one. This issue affects Security Director Policy Enforcer: * All versions before 23.1R1 Hotpatch v3. This issue does not affect Junos Space Security Director Insights.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Juniper ≫ Security Director Policy Enforcer Version < 23.1
Juniper ≫ Security Director Policy Enforcer Version23.1 Updater1
Juniper ≫ Security Director Policy Enforcer Version23.1 Updater1_hotpatch_v1
Juniper ≫ Security Director Policy Enforcer Version23.1 Updater1_hotpatch_v2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.209 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| sirt@juniper.net | 8.5 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Red
|
| sirt@juniper.net | 7.4 | 2.8 | 4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.