Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-31349

The usage of an internal HTTP header created an authentication bypass vulnerability (CWE-287), allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code. This issue affects all Juniper Networks 128 Technology Session Smart Router versions prior to 4.5.11, and all versions of 5.0 up to and including 5.0.1.

Published

2021-10-19T19:15:08.477

Last Modified

2024-11-21T06:05:28.377

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-287
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	juniper	128_technology_session_smart_router_firmware	< 4.5.11	Yes
Operating System	juniper	128_technology_session_smart_router_firmware	≤ 5.0.1	Yes
Hardware	juniper	128_technology_session_smart_router	-	No

References

https://kb.juniper.net/JSA11256 Vendor Advisory ([email protected])
https://kb.juniper.net/JSA11256 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)