21.1

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

juniper

CWE-862

NVD

Published: 2021-10-19

Updated: 2021-10-25

Summary

Due to a Missing Authorization weakness and Insufficient Granularity of Access Control in a specific device configuration, a vulnerability exists in Juniper Networks Junos OS on SRX Series whereby an attacker who attempts to access J-Web administrative interfaces can successfully do so from any device interface regardless of the web-management configuration and filter rules which may otherwise protect access to J-Web. This issue affects: Juniper Networks Junos OS SRX Series 20.4 version 20.4R1 and later versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.

Vulnerable Configurations

Part	Description	Count
OS	Juniper Juniper Junos 20.4 Juniper Junos 21.1	4
Hardware	Juniper Juniper Srx1500 - Juniper Srx300 - Juniper Srx4100 - Juniper Srx4200 - Juniper Srx4600 - Juniper Srx5400 - Juniper Srx550 - Juniper Srx5600 - Juniper Srx5800 -	9

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References