CVSS: 9.3EPSS: 0%CPEs: 114EXPL: 0CVE-2022-22157 – Junos OS: SRX Series: Traffic classification vulnerability when 'no-syn-check' is enabled
https://notcve.org/view.php?id=CVE-2022-22157
A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gateways may allow an attacker to bypass Juniper Deep Packet Inspection (JDPI) rules and access unauthorized networks or resources, when 'no-syn-check' is enabled on the device. JDPI incorrectly classifies out-of-state asymmetric TCP flows as the dynamic-application INCONCLUSIVE instead of UNKNOWN, which is more permissive, causing the firewall to allow traffic to be forwarded that should have been denied. This issue only occurs when 'set security flow tcp-session no-syn-check' is configured on the device. This issue affects Juniper Networks Junos OS on SRX Series: 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R2-S5, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.4R1. • https://kb.juniper.net/JSA11265 • CWE-863: Incorrect Authorization •
CVSS: 7.4EPSS: 0%CPEs: 112EXPL: 1CVE-2022-22156 – Junos OS: Certificate validation is skipped when fetching system scripts from a HTTPS URL
https://notcve.org/view.php?id=CVE-2022-22156
An Improper Certificate Validation weakness in the Juniper Networks Junos OS allows an attacker to perform Person-in-the-Middle (PitM) attacks when a system script is fetched from a remote source at a specified HTTPS URL, which may compromise the integrity and confidentiality of the device. The following command can be executed by an administrator via the CLI to refresh a script from a remote location, which is affected from this vulnerability: >request system scripts refresh-from (commit | event | extension-service | op | snmp) file filename url <https-url> This issue affects: Juniper Networks Junos OS All versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S7; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2; 21.1 versions prior to 21.1R1-S1, 21.1R2. Una debilidad de comprobación de certificados inapropiada en el Sistema Operativo Junos de Juniper Networks permite a un atacante llevar a cabo ataques de tipo Person-in-the-Middle (PitM) cuando es obtenida una secuencia de comandos del sistema desde una fuente remota en una URL HTTPS especificada, que puede comprometer la integridad y la confidencialidad del dispositivo. El siguiente comando puede ser ejecutado por un administrador por medio de la CLI para refrescar un script desde una ubicación remota, lo cual está afectado por esta vulnerabilidad: )request system scripts refresh-from (commit | event | extension-service | op | snmp) file filename url (https-url) Este problema afecta a: Juniper Networks Junos OS Todas las versiones anteriores a 18.4R2-S9, 18.4R3-S9; 19.1 versiones anteriores a 19.1R2-S3, 19.1R3-S7; 19.2 versiones anteriores a 19.2R1-S7, 19.2R3-S3; 19.3 versiones anteriores a 19.3R3-S4; 19. 4 versiones anteriores a 19.4R3-S7; 20.1 versiones anteriores a 20.1R2-S2, 20.1R3; 20.2 versiones anteriores a 20.2R3; versiones 20.3 anteriores a 20.3R2-S1, 20.3R3; 20.4 versiones anteriores a 20.4R2; 21.1 versiones anteriores a 21.1R1-S1, 21.1R2 • https://kb.juniper.net/JSA11264 • CWE-295: Improper Certificate Validation CWE-300: Channel Accessible by Non-Endpoint CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 5.9EPSS: 0%CPEs: 227EXPL: 0CVE-2021-31386 – Junos OS: When using J-Web with HTTP an attacker may retrieve encryption keys via Person-in-the-Middle attacks.
https://notcve.org/view.php?id=CVE-2021-31386
A Protection Mechanism Failure vulnerability in the J-Web HTTP service of Juniper Networks Junos OS allows a remote unauthenticated attacker to perform Person-in-the-Middle (PitM) attacks against the device. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S20; 15.1 versions prior to 15.1R7-S11; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2. Una vulnerabilidad de fallo del mecanismo de protección en el servicio J-Web HTTP de Juniper Networks Junos OS permite a un atacante remoto no autenticado llevar a cabo ataques de tipo Person-in-the-Middle (PitM) contra el dispositivo. Este problema afecta a: Juniper Networks Junos OS 12.3 versiones anteriores a 12.3R12-S20; 15.1 versiones anteriores a 15.1R7-S11; versiones 18.3 anteriores a 18.3R3-S6; versiones 18.4 anteriores a 18.4R3-S10; versiones 19.1 anteriores a 19.1R3-S7; versiones 19.2 anteriores a 19.2R3-S4; 19. 3 versiones anteriores a 19.3R3-S4; versiones 19.4 anteriores a 19.4R3-S6; versiones 20.1 anteriores a 20.1R3-S2; versiones 20.2 anteriores a 20.2R3-S3; versiones 20.3 anteriores a 20.3R3-S1; versiones 20.4 anteriores a 20.4R3; versiones 21.1 anteriores a 21.1R3; 21.2 versiones anteriores a 21.2R2 • https://kb.juniper.net/JSA11254 • CWE-300: Channel Accessible by Non-Endpoint CWE-311: Missing Encryption of Sensitive Data CWE-325: Missing Cryptographic Step CWE-693: Protection Mechanism Failure •
CVSS: 8.8EPSS: 0%CPEs: 211EXPL: 0CVE-2021-31385 – Junos OS: J-Web: A path traversal vulnerability allows an authenticated attacker to elevate their privileges to root
https://notcve.org/view.php?id=CVE-2021-31385
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in J-Web of Juniper Networks Junos OS allows any low-privileged authenticated attacker to elevate their privileges to root. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Una vulnerabilidad de Limitación Inapropiada de un Nombre de Ruta a un Directorio Restringido ("Salto de Ruta") en J-Web de Juniper Networks Junos OS permite a cualquier atacante autenticado poco privilegiado elevarlos a root. Este problema afecta a: Juniper Networks Junos OS 12.3 versiones anteriores a 12.3R12-S19; 15.1 versiones anteriores a 15.1R7-S10; versiones 18.3 anteriores a 18.3R3-S5; versiones 18.4 anteriores a 18.4R3-S9; versiones 19.1 anteriores a 19.1R3-S6; versiones 19.2 anteriores a 19.2R1-S7, 19.2R3-S3; 19. 3 versiones anteriores a 19.3R3-S3; versiones 19.4 anteriores a 19.4R3-S5; versiones 20.1 anteriores a 20.1R2-S2, 20.1R3-S1; versiones 20.2 anteriores a 20.2R3-S2; versiones 20.3 anteriores a 20.3R3; versiones 20.4 anteriores a 20.4R2-S1, 20.4R3; versiones 21.1 anteriores a 21.1R1-S1, 21.1R2 • https://kb.juniper.net/JSA11253 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0CVE-2021-31384 – Junos OS: SRX Series: Under a specific device configuration an attacker can access the devices J-Web management services from any interface, regardless of security settings protecting the service
https://notcve.org/view.php?id=CVE-2021-31384
Due to a Missing Authorization weakness and Insufficient Granularity of Access Control in a specific device configuration, a vulnerability exists in Juniper Networks Junos OS on SRX Series whereby an attacker who attempts to access J-Web administrative interfaces can successfully do so from any device interface regardless of the web-management configuration and filter rules which may otherwise protect access to J-Web. This issue affects: Juniper Networks Junos OS SRX Series 20.4 version 20.4R1 and later versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1. Debido a una debilidad de Autorización Faltante y a una Granularidad Insuficiente del Control de Acceso en una configuración de dispositivo específica, se presenta una vulnerabilidad en Juniper Networks Junos OS en la serie SRX por la a un atacante que intente acceder a las interfaces administrativas de J-Web puede hacerlo con éxito desde cualquier interfaz de dispositivo, independientemente de la configuración de administración web y de las reglas de filtrado que pueden proteger el acceso a J-Web. Este problema afecta a: Juniper Networks Junos OS SRX Series 20.4 versión 20.4R1 y versiones posteriores anteriores a 20.4R2-S1, 20.4R3; versiones 21.1 anteriores a 21.1R1-S1, 21.1R2. • https://kb.juniper.net https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11252 • CWE-285: Improper Authorization CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization CWE-862: Missing Authorization CWE-939: Improper Authorization in Handler for Custom URL Scheme CWE-1220: Insufficient Granularity of Access Control •