CVE-2021-0231

A path traversal vulnerability in the Juniper Networks SRX and vSRX Series may allow an authenticated J-web user to read sensitive system files. This issue affects Juniper Networks Junos OS on SRX and vSRX Series: 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S3, 20.2R2; This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1.

CVSS v3 6.5 MEDIUM
CVSS v2.0 6.8 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:C/I:N/A:N

Exploitability : 8.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://kb.juniper.net/JSA11126	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:juniper:junos:19.3:-::::::
	cpe:2.3:o:juniper:junos:19.3:r1::::::
	cpe:2.3:o:juniper:junos:19.3:r1-s1::::::
	cpe:2.3:o:juniper:junos:19.3:r2::::::
	cpe:2.3:o:juniper:junos:19.3:r2-s1::::::
	cpe:2.3:o:juniper:junos:19.3:r2-s2::::::
	cpe:2.3:o:juniper:junos:19.3:r2-s3::::::
	cpe:2.3:o:juniper:junos:19.3:r2-s4::::::
	cpe:2.3:o:juniper:junos:19.3:r2-s5::::::
	cpe:2.3:o:juniper:junos:19.3:r3::::::
	cpe:2.3:o:juniper:junos:19.4:r1::::::
	cpe:2.3:o:juniper:junos:19.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:19.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:19.4:r2::::::
	cpe:2.3:o:juniper:junos:19.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:19.4:r2-s2::::::
	cpe:2.3:o:juniper:junos:19.4:r2-s3::::::
	cpe:2.3:o:juniper:junos:20.1:r1::::::
	cpe:2.3:o:juniper:junos:20.1:r1-s1::::::
	cpe:2.3:o:juniper:junos:20.1:r1-s2::::::
	cpe:2.3:o:juniper:junos:20.1:r1-s3::::::
	cpe:2.3:o:juniper:junos:20.2:r1::::::
	cpe:2.3:o:juniper:junos:20.2:r1-s1::::::
	cpe:2.3:o:juniper:junos:20.2:r1-s2::::::

OR	cpe:2.3:a:juniper:vsrx:-:::::::*
	cpe:2.3:h:juniper:srx1500:-:::::::*
	cpe:2.3:h:juniper:srx300:-:::::::*
	cpe:2.3:h:juniper:srx320:-:::::::*
	cpe:2.3:h:juniper:srx340:-:::::::*
	cpe:2.3:h:juniper:srx345:-:::::::*
	cpe:2.3:h:juniper:srx380:-:::::::*
	cpe:2.3:h:juniper:srx4100:-:::::::*
	cpe:2.3:h:juniper:srx4200:-:::::::*
	cpe:2.3:h:juniper:srx4600:-:::::::*
	cpe:2.3:h:juniper:srx5400:-:::::::*
	cpe:2.3:h:juniper:srx550:-:::::::*
	cpe:2.3:h:juniper:srx5600:-:::::::*
	cpe:2.3:h:juniper:srx5800:-:::::::*

History

27 Apr 2021, 16:55

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~6.5~~	v2 : 6.8 v3 : 6.5
References	~~(MISC) https://kb.juniper.net/JSA11126 -~~	(MISC) https://kb.juniper.net/JSA11126 - Vendor Advisory
CWE		CWE-22
CPE		cpe:2.3:o:juniper:junos:20.1:r1:::::: cpe:2.3:o:juniper:junos:19.4:r2:::::: cpe:2.3:a:juniper:vsrx:-:::::::* cpe:2.3:h:juniper:srx300:-:::::::* cpe:2.3:o:juniper:junos:19.3:r1-s1:::::: cpe:2.3:o:juniper:junos:19.4:r2-s3:::::: cpe:2.3:o:juniper:junos:19.4:r1-s1:::::: cpe:2.3:h:juniper:srx345:-:::::::* cpe:2.3:o:juniper:junos:19.3:r1:::::: cpe:2.3:o:juniper:junos:19.3:r2-s4:::::: cpe:2.3:o:juniper:junos:20.1:r1-s1:::::: cpe:2.3:h:juniper:srx5800:-:::::::* cpe:2.3:h:juniper:srx320:-:::::::* cpe:2.3:o:juniper:junos:20.2:r1:::::: cpe:2.3:o:juniper:junos:19.3:r2:::::: cpe:2.3:h:juniper:srx380:-:::::::* cpe:2.3:h:juniper:srx5400:-:::::::* cpe:2.3:h:juniper:srx4600:-:::::::* cpe:2.3:o:juniper:junos:19.4:r2-s1:::::: cpe:2.3:o:juniper:junos:19.4:r2-s2:::::: cpe:2.3:h:juniper:srx4200:-:::::::* cpe:2.3:o:juniper:junos:20.1:r1-s3:::::: cpe:2.3:h:juniper:srx4100:-:::::::* cpe:2.3:o:juniper:junos:19.3:r2-s2:::::: cpe:2.3:o:juniper:junos:19.3:r2-s3:::::: cpe:2.3:o:juniper:junos:19.3:r2-s5:::::: cpe:2.3:o:juniper:junos:20.2:r1-s2:::::: cpe:2.3:o:juniper:junos:19.3:-:::::: cpe:2.3:o:juniper:junos:19.4:r1-s2:::::: cpe:2.3:o:juniper:junos:19.3:r3:::::: cpe:2.3:o:juniper:junos:19.3:r2-s1:::::: cpe:2.3:h:juniper:srx340:-:::::::* cpe:2.3:o:juniper:junos:19.4:r1:::::: cpe:2.3:h:juniper:srx550:-:::::::* cpe:2.3:o:juniper:junos:20.1:r1-s2:::::: cpe:2.3:h:juniper:srx1500:-:::::::* cpe:2.3:o:juniper:junos:20.2:r1-s1:::::: cpe:2.3:h:juniper:srx5600:-:::::::*

22 Apr 2021, 20:25

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-04-22 20:15

Updated : 2023-12-10 13:55

NVD link : CVE-2021-0231

Mitre link : CVE-2021-0231

CVE.ORG link : CVE-2021-0231

JSON object : View

Products Affected

juniper

srx1500
srx300
srx340
srx5800
srx5400
srx380
junos
srx4200
srx4600
srx5600
srx320
srx345
srx4100
srx550
vsrx

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

6.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

6.8 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-0231

6.5^/10

6.8^/10

Attach tags to `CVE-2021-0231`