admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2021/0xxx/CVE-2021-0231.json
CVE Team c1c4ddc6c2
"-Synchronized-Data."
2021-04-22 20:00:45 +00:00

139 lines
5.6 KiB
JSON
Raw Blame History

{
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-0231",
"STATE": "PUBLIC",
"TITLE": "Junos OS: SRX, vSRX Series: J-Web Path traversal vulnerability in SRX and vSRX Series leads to information disclosure. "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "SRX, vSRX Series",
"version_affected": "<",
"version_name": "19.3",
"version_value": "19.3R2-S6, 19.3R3-S1"
},
{
"platform": "SRX, vSRX Series",
"version_affected": "<",
"version_name": "19.4",
"version_value": "19.4R2-S4, 19.4R3"
},
{
"platform": "SRX, vSRX Series",
"version_affected": "<",
"version_name": "20.1",
"version_value": "20.1R1-S4, 20.1R2"
},
{
"platform": "SRX, vSRX Series",
"version_affected": "<",
"version_name": "20.2",
"version_value": "20.2R1-S3, 20.2R2"
},
{
"version_affected": "!<",
"version_value": "19.3R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The examples of the config stanza affected by this issue:\n\n [system services web-management]\n\nor\n\n [system services web-management https]\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A path traversal vulnerability in the Juniper Networks SRX and vSRX Series may allow an authenticated J-web user to read sensitive system files. This issue affects Juniper Networks Junos OS on SRX and vSRX Series: 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S3, 20.2R2; This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11126",
"name": "https://kb.juniper.net/JSA11126"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 19.3R2-S6, 19.3R3-S1, 19.4R2-S4, 19.4R3, 20.1R1-S4, 20.1R2, 20.2R1-S3, 20.2R2, 20.3R1, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11126",
"defect": [
"1504528"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "There are no viable workarounds for this issue.\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to only trusted administrative networks, hosts and users.\n"
}
]
}
Reference in New Issue View Git Blame Copy Permalink