CVE-2021-31349 - OpenCVE

The usage of an internal HTTP header created an authentication bypass vulnerability (CWE-287), allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code. This issue affects all Juniper Networks 128 Technology Session Smart Router versions prior to 4.5.11, and all versions of 5.0 up to and including 5.0.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Juniper	128 Technology Session Smart Router 128 Technology Session Smart Router Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:juniper:128_technology_session_smart_router_firmware::::::::
	cpe:2.3:o:juniper:128_technology_session_smart_router_firmware::::::::

cpe:2.3:h:juniper:128_technology_session_smart_router:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://kb.juniper.net/JSA11256

History

No history.

MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2021-10-19T18:16:28.461957Z

Updated: 2024-09-16T23:10:43.606Z

Reserved: 2021-04-15T00:00:00

Link: CVE-2021-31349

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-10-19T19:15:08.477

Modified: 2022-10-25T15:32:54.757

Link: CVE-2021-31349

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "128 Technology Session Smart Router", "vendor": "Juniper Networks", "versions": [{"lessThan": "4.5.11", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThanOrEqual": "5.0.1", "status": "affected", "version": "5.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "128 Technology was notified via the JVN community of the vulnerability as JVN#85073657."}], "datePublic": "2021-10-13T00:00:00", "descriptions": [{"lang": "en", "value": "The usage of an internal HTTP header created an authentication bypass vulnerability (CWE-287), allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code. This issue affects all Juniper Networks 128 Technology Session Smart Router versions prior to 4.5.11, and all versions of 5.0 up to and including 5.0.1."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-19T18:16:28", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.juniper.net/JSA11256"}], "solutions": [{"lang": "en", "value": "128 Technology has released software updates that address the vulnerability described in this advisory. \n\nFixed Releases:\nThe following 128T software patches have been released to resolve this specific issue: 4.5.11, 5.1.0, and all subsequent releases.\nCustomers who are running 5.0.0 or 5.0.1 should upgrade to 5.1.6 or later.\n\nInstructions for upgrading the 128T Networking Platform can be found at https://docs.128technology.com/docs/intro_upgrading ."}], "source": {"advisory": "JSA11256", "defect": ["I95-41227"], "discovery": "EXTERNAL"}, "title": "Session Smart Router: Authentication Bypass Vulnerability", "workarounds": [{"lang": "en", "value": "While no workarounds exist for this vulnerability, risk exposure can be mitigated. HTTP access to the SSR occurs on TCP port 443. It is recommended to install firewall rules to permit access only from trusted IP addresses."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2021-10-13T16:00:00.000Z", "ID": "CVE-2021-31349", "STATE": "PUBLIC", "TITLE": "Session Smart Router: Authentication Bypass Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "128 Technology Session Smart Router", "version": {"version_data": [{"version_affected": "<", "version_value": "4.5.11"}, {"version_affected": "<=", "version_name": "5.0", "version_value": "5.0.1"}]}}]}, "vendor_name": "Juniper Networks"}]}}, "credit": [{"lang": "eng", "value": "128 Technology was notified via the JVN community of the vulnerability as JVN#85073657."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The usage of an internal HTTP header created an authentication bypass vulnerability (CWE-287), allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code. This issue affects all Juniper Networks 128 Technology Session Smart Router versions prior to 4.5.11, and all versions of 5.0 up to and including 5.0.1."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-287 Improper Authentication"}]}]}, "references": {"reference_data": [{"name": "https://kb.juniper.net/JSA11256", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA11256"}]}, "solution": [{"lang": "en", "value": "128 Technology has released software updates that address the vulnerability described in this advisory. \n\nFixed Releases:\nThe following 128T software patches have been released to resolve this specific issue: 4.5.11, 5.1.0, and all subsequent releases.\nCustomers who are running 5.0.0 or 5.0.1 should upgrade to 5.1.6 or later.\n\nInstructions for upgrading the 128T Networking Platform can be found at https://docs.128technology.com/docs/intro_upgrading ."}], "source": {"advisory": "JSA11256", "defect": ["I95-41227"], "discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "While no workarounds exist for this vulnerability, risk exposure can be mitigated. HTTP access to the SSR occurs on TCP port 443. It is recommended to install firewall rules to permit access only from trusted IP addresses."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T22:55:53.493Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.juniper.net/JSA11256"}]}]}, "cveMetadata": {"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2021-31349", "datePublished": "2021-10-19T18:16:28.461957Z", "dateReserved": "2021-04-15T00:00:00", "dateUpdated": "2024-09-16T23:10:43.606Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:128_technology_session_smart_router_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "72C7EC3E-205A-451F-8137-9F634C2448D1", "versionEndExcluding": "4.5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:128_technology_session_smart_router_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA941208-3FD3-473B-BEEC-56039276B965", "versionEndIncluding": "5.0.1", "versionStartIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:juniper:128_technology_session_smart_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "06277EBD-B1A7-43F5-8FBE-1A057C32A939", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The usage of an internal HTTP header created an authentication bypass vulnerability (CWE-287), allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code. This issue affects all Juniper Networks 128 Technology Session Smart Router versions prior to 4.5.11, and all versions of 5.0 up to and including 5.0.1."}, {"lang": "es", "value": "El uso de un encabezado HTTP interno cre\u00f3 una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n (CWE-287), que permite a un atacante visualizar archivos internos, cambiar la configuraci\u00f3n, manipular servicios y ejecutar c\u00f3digo arbitrario. Este problema afecta a todas las versiones de Juniper Networks 128 Technology Session Smart Router anteriores a 4.5.11 y a todas las versiones de la 5.0 hasta la 5.0.1 incluy\u00e9ndola"}], "id": "CVE-2021-31349", "lastModified": "2022-10-25T15:32:54.757", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2021-10-19T19:15:08.477", "references": [{"source": "sirt@juniper.net", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA11256"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "sirt@juniper.net", "type": "Secondary"}]}