CVE-2021-31384
Junos OS: SRX Series: Under a specific device configuration an attacker can access the devices J-Web management services from any interface, regardless of security settings protecting the service
Severity Score
10.0
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Due to a Missing Authorization weakness and Insufficient Granularity of Access Control in a specific device configuration, a vulnerability exists in Juniper Networks Junos OS on SRX Series whereby an attacker who attempts to access J-Web administrative interfaces can successfully do so from any device interface regardless of the web-management configuration and filter rules which may otherwise protect access to J-Web. This issue affects: Juniper Networks Junos OS SRX Series 20.4 version 20.4R1 and later versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.
Debido a una debilidad de Autorización Faltante y a una Granularidad Insuficiente del Control de Acceso en una configuración de dispositivo específica, se presenta una vulnerabilidad en Juniper Networks Junos OS en la serie SRX por la a un atacante que intente acceder a las interfaces administrativas de J-Web puede hacerlo con éxito desde cualquier interfaz de dispositivo, independientemente de la configuración de administración web y de las reglas de filtrado que pueden proteger el acceso a J-Web. Este problema afecta a: Juniper Networks Junos OS SRX Series 20.4 versión 20.4R1 y versiones posteriores anteriores a 20.4R2-S1, 20.4R3; versiones 21.1 anteriores a 21.1R1-S1, 21.1R2. Este problema no afecta a las versiones de Juniper Networks Junos OS anteriores a 20.4R1
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-04-15 CVE Reserved
- 2021-10-19 CVE Published
- 2024-06-28 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-285: Improper Authorization
- CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
- CWE-862: Missing Authorization
- CWE-939: Improper Authorization in Handler for Custom URL Scheme
- CWE-1220: Insufficient Granularity of Access Control
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11252 | 2021-10-25 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx1500 Search vendor "Juniper" for product "Srx1500" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx300 Search vendor "Juniper" for product "Srx300" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx4100 Search vendor "Juniper" for product "Srx4100" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx4200 Search vendor "Juniper" for product "Srx4200" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx4600 Search vendor "Juniper" for product "Srx4600" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx5400 Search vendor "Juniper" for product "Srx5400" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx550 Search vendor "Juniper" for product "Srx550" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx5600 Search vendor "Juniper" for product "Srx5600" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx5800 Search vendor "Juniper" for product "Srx5800" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r1-s1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx1500 Search vendor "Juniper" for product "Srx1500" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r1-s1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx300 Search vendor "Juniper" for product "Srx300" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r1-s1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx4100 Search vendor "Juniper" for product "Srx4100" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r1-s1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx4200 Search vendor "Juniper" for product "Srx4200" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r1-s1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx4600 Search vendor "Juniper" for product "Srx4600" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r1-s1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx5400 Search vendor "Juniper" for product "Srx5400" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r1-s1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx550 Search vendor "Juniper" for product "Srx550" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r1-s1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx5600 Search vendor "Juniper" for product "Srx5600" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r1-s1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx5800 Search vendor "Juniper" for product "Srx5800" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r2 |
Affected
| in | Juniper Search vendor "Juniper" | Srx1500 Search vendor "Juniper" for product "Srx1500" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r2 |
Affected
| in | Juniper Search vendor "Juniper" | Srx300 Search vendor "Juniper" for product "Srx300" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r2 |
Affected
| in | Juniper Search vendor "Juniper" | Srx4100 Search vendor "Juniper" for product "Srx4100" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r2 |
Affected
| in | Juniper Search vendor "Juniper" | Srx4200 Search vendor "Juniper" for product "Srx4200" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r2 |
Affected
| in | Juniper Search vendor "Juniper" | Srx4600 Search vendor "Juniper" for product "Srx4600" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r2 |
Affected
| in | Juniper Search vendor "Juniper" | Srx5400 Search vendor "Juniper" for product "Srx5400" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r2 |
Affected
| in | Juniper Search vendor "Juniper" | Srx550 Search vendor "Juniper" for product "Srx550" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r2 |
Affected
| in | Juniper Search vendor "Juniper" | Srx5600 Search vendor "Juniper" for product "Srx5600" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 20.4 Search vendor "Juniper" for product "Junos" and version "20.4" | r2 |
Affected
| in | Juniper Search vendor "Juniper" | Srx5800 Search vendor "Juniper" for product "Srx5800" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.1 Search vendor "Juniper" for product "Junos" and version "21.1" | r1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx1500 Search vendor "Juniper" for product "Srx1500" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.1 Search vendor "Juniper" for product "Junos" and version "21.1" | r1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx300 Search vendor "Juniper" for product "Srx300" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.1 Search vendor "Juniper" for product "Junos" and version "21.1" | r1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx4100 Search vendor "Juniper" for product "Srx4100" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.1 Search vendor "Juniper" for product "Junos" and version "21.1" | r1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx4200 Search vendor "Juniper" for product "Srx4200" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.1 Search vendor "Juniper" for product "Junos" and version "21.1" | r1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx4600 Search vendor "Juniper" for product "Srx4600" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.1 Search vendor "Juniper" for product "Junos" and version "21.1" | r1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx5400 Search vendor "Juniper" for product "Srx5400" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.1 Search vendor "Juniper" for product "Junos" and version "21.1" | r1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx550 Search vendor "Juniper" for product "Srx550" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.1 Search vendor "Juniper" for product "Junos" and version "21.1" | r1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx5600 Search vendor "Juniper" for product "Srx5600" | - | - |
Safe
|
| Juniper Search vendor "Juniper" | Junos Search vendor "Juniper" for product "Junos" | 21.1 Search vendor "Juniper" for product "Junos" and version "21.1" | r1 |
Affected
| in | Juniper Search vendor "Juniper" | Srx5800 Search vendor "Juniper" for product "Srx5800" | - | - |
Safe
|