CVE-2021-31384

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-31384
Due to a Missing Authorization weakness and Insufficient Granularity of Access Control in a specific device configuration, a vulnerability exists in Juniper Networks Junos OS on SRX Series whereby an attacker who attempts to access J-Web administrative interfaces can successfully do so from any device interface regardless of the web-management configuration and filter rules which may otherwise protect access to J-Web. This issue affects: Juniper Networks Junos OS SRX Series 20.4 version 20.4R1 and later versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.

7.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://kb.juniper.net/ Permissions Required
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11252 Vendor Advisory
https://kb.juniper.net/ Permissions Required
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*
OR cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*
History

21 Nov 2024, 06:05

Type Values Removed Values Added
CVSS v2 : 7.5
v3 : 10.0 		v2 : 7.5
v3 : 7.2
References () https://kb.juniper.net/ - Permissions Required () https://kb.juniper.net/ - Permissions Required
Information

Published : 2021-10-19 19:15

Updated : 2024-11-21 06:05

NVD link : CVE-2021-31384

Mitre link : CVE-2021-31384

CVE.ORG link : CVE-2021-31384

JSON object : View

Products Affected

juniper

  • srx300
  • srx4600
  • srx4200
  • srx1500
  • junos
  • srx5600
  • srx5800
  • srx5400
  • srx4100
  • srx550
CWE
CWE-285

Improper Authorization

CWE-551

Incorrect Behavior Order: Authorization Before Parsing and Canonicalization

CWE-862

Missing Authorization

CWE-939

Improper Authorization in Handler for Custom URL Scheme

CWE-1220

Insufficient Granularity of Access Control


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024