mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
314 lines
12 KiB
JSON
314 lines
12 KiB
JSON
{
|
|
"id": "CVE-2021-0231",
|
|
"sourceIdentifier": "sirt@juniper.net",
|
|
"published": "2021-04-22T20:15:08.673",
|
|
"lastModified": "2024-11-21T05:42:15.657",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A path traversal vulnerability in the Juniper Networks SRX and vSRX Series may allow an authenticated J-web user to read sensitive system files. This issue affects Juniper Networks Junos OS on SRX and vSRX Series: 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S3, 20.2R2; This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Una vulnerabilidad de Salto de Ruta en las series SRX y vSRX de Juniper Networks, puede permitir a un usuario J-web autenticado leer archivos confidenciales del sistema. Este problema afecta a Juniper Networks Junos OS en las series SRX y vSRX: versiones 19.3 anteriores a 19.3R2-S6, 19.3R3-S1; versiones 19.4 anteriores a 19.4R2-S4, 19.4R3; 20.1 versiones anteriores a 20.1R1-S4, 20.1R2; versiones 20.2 anteriores a 20.2R1-S3, 20.2R2; Este problema no afecta a Juniper Networks Junos OS versiones anteriores a 19.3R1"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "sirt@juniper.net",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
|
"baseScore": 6.5,
|
|
"baseSeverity": "MEDIUM",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 3.6
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
|
|
"baseScore": 6.8,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "SINGLE",
|
|
"confidentialityImpact": "COMPLETE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.0,
|
|
"impactScore": 6.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "sirt@juniper.net",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-22"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-22"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:19.3:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "59006503-B2CA-4F79-AC13-7C5615A74CE5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:19.3:r1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B8110DA9-54B1-43CF-AACB-76EABE0C9EF6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:19.3:r1-s1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "11B5CC5A-1959-4113-BFCF-E4BA63D918C1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:19.3:r2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "33F08A33-EF80-4D86-9A9A-9DF147B9B6D3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AF24ACBD-5F84-47B2-BFF3-E9A56666269C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3935A586-41BD-4FA5-9596-DED6F0864777"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B83FB539-BD7C-4BEE-9022-098F73902F38"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s4:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7659AC36-A5EA-468A-9793-C1EC914D36F4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s5:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E0E018E1-568E-40F2-ADA5-F71509811879"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:19.3:r3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B9295AF3-A883-47C3-BAF8-3D82F719733E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:19.4:r1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DC743EE4-8833-452A-94DB-655BF139F883"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FE96A8EA-FFE3-4D8F-9266-21899149D634"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C12A75C6-2D00-4202-B861-00FF71585FA0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:19.4:r2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4DCFA774-96EF-4018-82CF-95C807025C24"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "76022948-4B07-43CB-824C-44E1AB3537CB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "25446F60-5CB9-4923-BCE8-609AE3CFDFBC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A23E5CEA-EFF5-4641-BC47-BA2D0859F0EE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8328FDE6-9707-4142-B905-3B07C0E28E35"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "41CD982F-E6F2-4951-9F96-A76C142DF08E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "19FDC05F-5582-4F7E-B628-E58A3C0E7F2F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "401306D1-E9CE-49C6-8DC9-0E8747B9DC2C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:20.2:r1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CD07B7E2-F5C2-4610-9133-FDA9E66DFF4F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D3C23AEB-34DE-44FB-8D64-E69D6E8B7401"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "18DB9401-5A51-4BB3-AC2F-58F58F1C788C"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:a:juniper:vsrx:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "36F68E75-E6C6-4DB4-AE0E-C5637ECE7C88"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2CEBF85C-736A-4E7D-956A-3E8210D4F70B"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BB5AB24B-2B43-43DD-AE10-F758B4B19F2A"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "80F9DC32-5ADF-4430-B1A6-357D0B29DB78"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8B82D4C4-7A65-409A-926F-33C054DCBFBA"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CE535749-F4CE-4FFA-B23D-BF09C92481E5"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2305DA9D-E6BA-48F4-80CF-9E2DE7661B2F"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3AA8999C-8AE4-416F-BA2A-B1A21F33B4D7"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CCC5F6F5-4347-49D3-909A-27A3A96D36C9"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "56BA6B86-D3F4-4496-AE46-AC513C6560FA"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2FDDC897-747F-44DD-9599-7266F9B5B7B1"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "62FC145A-D477-4C86-89E7-F70F52773801"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "68CA098D-CBE4-4E62-9EC0-43E1B6098710"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "66F474D4-79B6-4525-983C-9A9011BD958B"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://kb.juniper.net/JSA11126",
|
|
"source": "sirt@juniper.net",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://kb.juniper.net/JSA11126",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |