PT-2020-6840 · Juniper Networks · Junos
Published 2020-04-22 · Updated 2025-10-24 · CVE-2020-1631
CVSS v2.0: 10 (Critical)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Juniper Networks Junos OS versions prior to 12.3R12-S16
Juniper Networks Junos OS 12.3X48 versions prior to 12.3X48-D101, 12.3X48-D105
Juniper Networks Junos OS 14.1X53 versions prior to 14.1X53-D54
Juniper Networks Junos OS 15.1 versions prior to 15.1R7-S7
Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D211, 15.1X49-D220
Juniper Networks Junos OS 16.1 versions prior to 16.1R7-S8
Juniper Networks Junos OS 17.2 versions prior to 17.2R3-S4
Juniper Networks Junos OS 17.3 versions prior to 17.3R3-S8
Juniper Networks Junos OS 17.4 versions prior to 17.4R2-S11, 17.4R3-S2
Juniper Networks Junos OS 18.1 versions prior to 18.1R3-S10
Juniper Networks Junos OS 18.2 versions prior to 18.2R2-S7, 18.2R3-S4
Juniper Networks Junos OS 18.3 versions prior to 18.3R2-S4, 18.3R3-S2
Juniper Networks Junos OS 18.4 versions prior to 18.4R1-S7, 18.4R3-S2
Juniper Networks Junos OS 19.1 versions prior to 19.1R1-S5, 19.1R3-S1
Juniper Networks Junos OS 19.2 versions prior to 19.2R2
Juniper Networks Junos OS 19.3 versions prior to 19.3R2-S3, 19.3R3
Juniper Networks Junos OS 19.4 versions prior to 19.4R1-S2, 19.4R2
Juniper Networks Junos OS 20.1 versions prior to 20.1R1-S1, 20.1R2
Description
A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal. This may allow the attacker to inject commands into the httpd.log, read files with 'world' readable permission, or obtain J-Web session tokens. If J-Web is enabled, the attacker could gain the same level of access as anyone actively logged into J-Web, potentially gaining administrator access. Juniper SIRT has received a single report of this vulnerability being exploited in the wild.
Recommendations
For Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S16, update to 12.3R12-S16 or later.
For Juniper Networks Junos OS 12.3X48 versions prior to 12.3X48-D101, 12.3X48-D105, update to 12.3X48-D101 or later.
For Juniper Networks Junos OS 14.1X53 versions prior to 14.1X53-D54, update to 14.1X53-D54 or later.
For Juniper Networks Junos OS 15.1 versions prior to 15.1R7-S7, update to 15.1R7-S7 or later.
For Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D211, 15.1X49-D220, update to 15.1X49-D211 or later.
For Juniper Networks Junos OS 16.1 versions prior to 16.1R7-S8, update to 16.1R7-S8 or later.
For Juniper Networks Junos OS 17.2 versions prior to 17.2R3-S4, update to 17.2R3-S4 or later.
For Juniper Networks Junos OS 17.3 versions prior to 17.3R3-S8, update to 17.3R3-S8 or later.
For Juniper Networks Junos OS 17.4 versions prior to 17.4R2-S11, 17.4R3-S2, update to 17.4R2-S11 or later.
For Juniper Networks Junos OS 18.1 versions prior to 18.1R3-S10, update to 18.1R3-S10 or later.
For Juniper Networks Junos OS 18.2 versions prior to 18.2R2-S7, 18.2R3-S4, update to 18.2R2-S7 or later.
For Juniper Networks Junos OS 18.3 versions prior to 18.3R2-S4, 18.3R3-S2, update to 18.3R2-S4 or later.
For Juniper Networks Junos OS 18.4 versions prior to 18.4R1-S7, 18.4R3-S2, update to 18.4R1-S7 or later.
For Juniper Networks Junos OS 19.1 versions prior to 19.1R1-S5, 19.1R3-S1, update to 19.1R1-S5 or later.
For Juniper Networks Junos OS 19.2 versions prior to 19.2R2, update to 19.2R2 or later.
For Juniper Networks Junos OS 19.3 versions prior to 19.3R2-S3, 19.3R3, update to 19.3R2-S3 or later.
For Juniper Networks Junos OS 19.4 versions prior to 19.4R1-S2, 19.4R2, update to 19.4R1-S2 or later.
For Juniper Networks Junos OS 20.1 versions prior to 20.1R1-S1, 20.1R2, update to 20.1R1-S1 or later.
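The update list above is a per-branch "upgrade to the first fixed release" rule, which is tedious to apply by hand across an inventory. The Python below is an added example, not Juniper's or this advisory's own tooling: it copies the fixed releases from the list into a lookup table and classifies a Junos version string as affected, fixed, not listed, or indeterminate. The version grammar it assumes (major.minor, optional Xnn, an R train number or a -Dnn maintenance number, optional -Snn service release) and the ordering rules (a train older than the earliest fix is affected, a train newer than the latest fix is fixed, a train between two fixed trains with no fix of its own, such as 18.4R2, is reported as indeterminate rather than guessed) are this example's assumptions.

```python
"""Classify Junos OS version strings against the fixed releases listed in
the PT-2020-6840 / CVE-2020-1631 advisory.

Added example; not Juniper's or the advisory's code. FIXED_RELEASES is
copied from the advisory; the parser and the decision rules are assumptions.
"""
import re
from typing import Dict, List, Tuple

# Fixed releases per Junos branch, as listed in the advisory's recommendations.
FIXED_RELEASES: Dict[str, List[str]] = {
    "12.3": ["12.3R12-S16"],
    "12.3X48": ["12.3X48-D101", "12.3X48-D105"],
    "14.1X53": ["14.1X53-D54"],
    "15.1": ["15.1R7-S7"],
    "15.1X49": ["15.1X49-D211", "15.1X49-D220"],
    "16.1": ["16.1R7-S8"],
    "17.2": ["17.2R3-S4"],
    "17.3": ["17.3R3-S8"],
    "17.4": ["17.4R2-S11", "17.4R3-S2"],
    "18.1": ["18.1R3-S10"],
    "18.2": ["18.2R2-S7", "18.2R3-S4"],
    "18.3": ["18.3R2-S4", "18.3R3-S2"],
    "18.4": ["18.4R1-S7", "18.4R3-S2"],
    "19.1": ["19.1R1-S5", "19.1R3-S1"],
    "19.2": ["19.2R2"],
    "19.3": ["19.3R2-S3", "19.3R3"],
    "19.4": ["19.4R1-S2", "19.4R2"],
    "20.1": ["20.1R1-S1", "20.1R2"],
}

# Assumed grammar: 18.2R2-S7, 19.2R2, 12.3X48-D101 (X branches use -D numbers).
_VERSION_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)"
    r"(?:X(?P<x>\d+))?"
    r"(?:R(?P<r>\d+)|-D(?P<d>\d+))"
    r"(?:-S(?P<s>\d+))?$"
)


def parse_version(text: str) -> Tuple[str, int, int]:
    """Return (branch, train, service), e.g. ("18.2", 2, 7) for 18.2R2-S7.

    For X branches the train is the -D number and service is always 0.
    Raises ValueError when the string does not match the assumed grammar.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {text!r}")
    branch = f"{m['major']}.{m['minor']}" + (f"X{m['x']}" if m["x"] else "")
    if m["d"] is not None:
        return branch, int(m["d"]), 0
    return branch, int(m["r"]), int(m["s"] or 0)


def check_version(text: str) -> Tuple[str, str]:
    """Return (status, reason); status is one of
    'affected', 'fixed', 'not-listed', 'indeterminate'."""
    branch, train, service = parse_version(text)
    fixes = FIXED_RELEASES.get(branch)
    if fixes is None:
        return "not-listed", f"branch {branch} is not in the advisory's list"
    # Map each fixed train to the service release that carries the fix.
    by_train = {t: s for _, t, s in (parse_version(f) for f in fixes)}
    if "X" in branch:
        # -D numbering is linear, so anything below the first fix is affected.
        first = min(by_train)
        if train < first:
            return "affected", f"{text} is prior to {branch}-D{first}"
        return "fixed", f"{text} is at or after {branch}-D{first}"
    if train in by_train:
        needed = by_train[train]
        fixed = f"{branch}R{train}" + (f"-S{needed}" if needed else "")
        if service < needed:
            return "affected", f"{text} is prior to {fixed}"
        return "fixed", f"{text} is at or after {fixed}"
    if train < min(by_train):
        return "affected", f"train R{train} predates every fixed train"
    if train > max(by_train):
        return "fixed", f"train R{train} is newer than the latest fixed train"
    return "indeterminate", f"no fix listed for train R{train}; confirm with the vendor advisory"


if __name__ == "__main__":
    # Constructed inventory, not real devices.
    for version in ["18.2R2-S6", "18.2R3-S4", "18.4R2", "12.3X48-D100", "21.1R1"]:
        status, reason = check_version(version)
        print(f"{version:14} {status:14} {reason}")
```

Feed the script the `show version` output of each device (only the version token is needed) and treat "indeterminate" as a prompt to confirm against the vendor advisory, not as a pass.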
As a temporary workaround, consider disabling the HTTP/HTTPS service until a patch is available. Restrict access to the J-Web interface to minimize the risk of exploitation. Avoid using the httpd.log file for sensitive information until the issue is resolved.
Fix
Path traversal
Affected Products
Junos