admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2021/31xxx/CVE-2021-31349.json

114 lines
4.2 KiB
JSON
Raw Normal View History

"-Synchronized-Data."
2021-04-15 18:00:44 +00:00
{
"CVE_data_meta": {
Juniper-2021-10-13 CVE publications
2021-10-19 18:05:14 +02:00
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
"-Synchronized-Data."
2021-04-15 18:00:44 +00:00
"ID": "CVE-2021-31349",
Juniper-2021-10-13 CVE publications
2021-10-19 18:05:14 +02:00
"STATE": "PUBLIC",
"TITLE": "Session Smart Router: Authentication Bypass Vulnerability"
"-Synchronized-Data."
2021-04-15 18:00:44 +00:00
},
Juniper-2021-10-13 CVE publications
2021-10-19 18:05:14 +02:00
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "128 Technology Session Smart Router",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "4.5.11"
},
{
"version_affected": "<=",
"version_name": "5.0",
"version_value": "5.0.1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "128 Technology was notified via the JVN community of the vulnerability as JVN#85073657. "
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"-Synchronized-Data."
2021-04-15 18:00:44 +00:00
"description": {
"description_data": [
{
"lang": "eng",
"-Synchronized-Data."
2021-10-19 19:01:03 +00:00
"value": "The usage of an internal HTTP header created an authentication bypass vulnerability (CWE-287), allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code. This issue affects all Juniper Networks 128 Technology Session Smart Router versions prior to 4.5.11, and all versions of 5.0 up to and including 5.0.1."
"-Synchronized-Data."
2021-04-15 18:00:44 +00:00
}
]
Juniper-2021-10-13 CVE publications
2021-10-19 18:05:14 +02:00
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11256",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11256"
}
]
},
"solution": [
{
"lang": "eng",
"value": "128 Technology has released software updates that address the vulnerability described in this advisory. \n\nFixed Releases:\nThe following 128T software patches have been released to resolve this specific issue: 4.5.11, 5.1.0, and all subsequent releases.\nCustomers who are running 5.0.0 or 5.0.1 should upgrade to 5.1.6 or later.\n\nInstructions for upgrading the 128T Networking Platform can be found at https://docs.128technology.com/docs/intro_upgrading ."
}
],
"source": {
"advisory": "JSA11256",
"defect": [
"I95-41227"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "While no workarounds exist for this vulnerability, risk exposure can be mitigated. HTTP access to the SSR occurs on TCP port 443. It is recommended to install firewall rules to permit access only from trusted IP addresses."
}
]
"-Synchronized-Data."
2021-04-15 18:00:44 +00:00
}
Reference in New Issue Copy Permalink