CVE-2021-31349

Published: Oct 19, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The usage of an internal HTTP header created an authentication bypass vulnerability (CWE-287), allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code. This issue affects all Juniper Networks 128 Technology Session Smart Router versions prior to 4.5.11, and all versions of 5.0 up to and including 5.0.1.

Affected (2)

Products: Juniper: 128 Technology Session Smart Router Firmware

1 product

128 Technology Session Smart Router Firmware

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Juniper 128 Technology Session Smart Router Firmware	Before 4.5.11
Juniper 128 Technology Session Smart Router Firmware	From 5.0.0 to 5.0.1

Running on/with	Platform Versions
Juniper 128 Technology Session Smart Router	All versions

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://kb.juniper.net/JSA11256

Source: sirt@juniper.net

Vendor Advisory

https://kb.juniper.net/JSA11256

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.