PT-2021-5074 · Juniper Networks · 128 Technology Session Smart Router

Published 2021-10-13 · Updated 2022-10-25

CVE-2021-31349

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Juniper Networks 128 Technology Session Smart Router versions prior to 4.5.11
Juniper Networks 128 Technology Session Smart Router versions 5.0 up to and including 5.0.1

Description

The use of an internal HTTP header created an authentication bypass, allowing an attacker to view internal files, change settings, manipulate services, and execute arbitrary code. The issue can be exploited by a remote attacker.

Recommendations

For versions prior to 4.5.11, update to version 4.5.11 or later.
For versions 5.0 up to and including 5.0.1, update to a version later than 5.0.1.
As a temporary workaround, consider restricting access to internal files and settings until a patch is available. Restrict access to the router's services to minimize the risk of exploitation.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2021-05854
CVE-2021-31349

Affected Products

128 Technology Session Smart Router