8.6

CVE-2025-59968

A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface.

Tampering with this metadata can result in managed SRX Series devices permitting network traffic that should otherwise be blocked by policy, effectively bypassing intended security controls.

This issue affects Junos Space Security Director:
  *   all versions prior to 24.1R3 Patch V4


This issue does not affect managed cSRX Series devices.
Data provided by the National Vulnerability Database (NVD)
Juniper Space Security Director Version < 24.1
Juniper Space Security Director Version 24.1 Updater1
Juniper Space Security Director Version 24.1 Updater2
Juniper Space Security Director Version 24.1 Updater3
Each of the four entries above is listed with the same set of devices:
   Juniper Vsrx Version -
   Juniper Srx1500 Version -
   Juniper Srx1600 Version -
   Juniper Srx2300 Version -
   Juniper Srx300 Version -
   Juniper Srx320 Version -
   Juniper Srx340 Version -
   Juniper Srx345 Version -
   Juniper Srx380 Version -
   Juniper Srx4100 Version -
   Juniper Srx4120 Version -
   Juniper Srx4200 Version -
   Juniper Srx4300 Version -
   Juniper Srx4600 Version -
   Juniper Srx4700 Version -
   Juniper Srx5400 Version -
   Juniper Srx5600 Version -
   Juniper Srx5800 Version -
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.04% | 0.135
CVSS metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
sirt@juniper.net | 7.7 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:C/RE:M/U:Green
sirt@juniper.net | 8.6 | 3.9 | 4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.