PT-2021-5372 · Juniper Networks · Junos Srx Series+1

Published 2021-10-13 · Updated 2021-10-25 · CVE-2021-31384

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS SRX Series versions 20.4R1 through 20.4R2-S1, 20.4R3
Juniper Networks Junos OS SRX Series versions 21.1R1 through 21.1R1-S1, 21.1R2

Description

The issue is related to a Missing Authorization weakness and Insufficient Granularity of Access Control in a specific device configuration, allowing an attacker to access J-Web administrative interfaces from any device interface, regardless of the web-management configuration and filter rules.

Recommendations

For Juniper Networks Junos OS SRX Series versions 20.4R1 through 20.4R2-S1, 20.4R3, update to version 20.4R2-S1 or later.
For Juniper Networks Junos OS SRX Series versions 21.1R1 through 21.1R1-S1, 21.1R2, update to version 21.1R1-S1 or later.
As a temporary workaround, consider restricting access to the J-Web administrative interfaces until a patch is available.

Fix

Missing Authorization

Improper Authorization

Related Identifiers

BDU:2021-06207
CVE-2021-31384

Affected Products

Junos
Junos Srx Series