CVE-2021-31384
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
19/10/2021
Last modified:
25/10/2021
Description
Due to a Missing Authorization weakness and Insufficient Granularity of Access Control in a specific device configuration, a vulnerability exists in Juniper Networks Junos OS on SRX Series whereby an attacker who attempts to access J-Web administrative interfaces can successfully do so from any device interface regardless of the web-management configuration and filter rules which may otherwise protect access to J-Web. This issue affects: Juniper Networks Junos OS SRX Series 20.4 version 20.4R1 and later versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.
Impact
Base Score 3.x
10.00
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:* | ||
| cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page