admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-313xx/CVE-2021-31349.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

154 lines
4.8 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-31349",
"sourceIdentifier": "sirt@juniper.net",
"published": "2021-10-19T19:15:08.477",
"lastModified": "2022-10-25T15:32:54.757",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The usage of an internal HTTP header created an authentication bypass vulnerability (CWE-287), allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code. This issue affects all Juniper Networks 128 Technology Session Smart Router versions prior to 4.5.11, and all versions of 5.0 up to and including 5.0.1."
},
{
"lang": "es",
"value": "El uso de un encabezado HTTP interno cre\u00f3 una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n (CWE-287), que permite a un atacante visualizar archivos internos, cambiar la configuraci\u00f3n, manipular servicios y ejecutar c\u00f3digo arbitrario. Este problema afecta a todas las versiones de Juniper Networks 128 Technology Session Smart Router anteriores a 4.5.11 y a todas las versiones de la 5.0 hasta la 5.0.1 incluy\u00e9ndola"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:128_technology_session_smart_router_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.5.11",
"matchCriteriaId": "72C7EC3E-205A-451F-8137-9F634C2448D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:128_technology_session_smart_router_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.0.1",
"matchCriteriaId": "FA941208-3FD3-473B-BEEC-56039276B965"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:juniper:128_technology_session_smart_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06277EBD-B1A7-43F5-8FBE-1A057C32A939"
}
]
}
]
}
],
"references": [
{
"url": "https://kb.juniper.net/JSA11256",
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink