6.9

CVE-2025-6549

An Incorrect Authorization vulnerability in the web server of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to reach the 

Juniper Web Device Manager

 (J-Web).

When Juniper Secure connect (JSC) is enabled on specific interfaces, or multiple interfaces are configured for J-Web, the J-Web UI is reachable over more than the intended interfaces.
This issue affects Junos OS:



  *  all versions before 21.4R3-S9,
  *  22.2 versions before 22.2R3-S5,
  *  22.4 versions before 22.4R3-S5,
  *  23.2 versions before 23.2R2-S3,
  *  23.4 versions before 23.4R2-S5,
  *  24.2 versions before 24.2R2.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerJuniper Networks
Produkt Junos OS
Default Statusunaffected
Version < 21.4R3-S9
Version 0
Status affected
Version < 22.2R3-S5
Version 22.2
Status affected
Version < 22.4R3-S5
Version 22.4
Status affected
Version < 23.2R2-S3
Version 23.2
Status affected
Version < 23.4R2-S5
Version 23.4
Status affected
Version < 24.2R2
Version 24.2
Status affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.113
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
sirt@juniper.net 6.5 3.9 2.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
sirt@juniper.net 6.9 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:X
CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.