CVE-2021-31349
Last modified
CVE-2021-31349 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. The usage of an internal HTTP header created an authentication bypass vulnerability (CWE-287), allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code. This issue affects all Juniper Networks 128 Technology Session Smart Router versions prior to 4.5.11, and all versions of 5.0 up to and including 5.0.1.. EPSS estimates a 1.67% chance of exploitation in the next 30 days.
Description
The usage of an internal HTTP header created an authentication bypass vulnerability (CWE-287), allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code. This issue affects all Juniper Networks 128 Technology Session Smart Router versions prior to 4.5.11, and all versions of 5.0 up to and including 5.0.1.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Juniper | 128 Technology Session Smart Router Firmware | < 4.5.11 |
| Juniper | 128 Technology Session Smart Router Firmware | >= 5.0.0, <= 5.0.1 |
References
- https://kb.juniper.net/JSA11256Vendor Advisory
- https://kb.juniper.net/JSA11256Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-31349?
How severe is CVE-2021-31349?
How do I fix CVE-2021-31349?
Are you affected by CVE-2021-31349?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST