Lucene search

JuniperCVE-2024-21619

HistoryJan 25, 2024 - 11:15 p.m.

CVE-2024-21619

2024-01-2523:15:09

CWE-306

CWE-209

juniper

web.nvd.nist.gov

cve-2024-21619

juniper networks

junos os

srx series

ex series

missing authentication

information leakage

vulnerability

nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

39.8%

JSON

A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system information.

When a user logs in, a temporary file which contains the configuration of the device (as visible to that user) is created in the /cache folder. An unauthenticated attacker can then attempt to access such a file by sending a specific request to the device trying to guess the name of such a file. Successful exploitation will reveal configuration information.

This issue affects Juniper Networks Junos OS on SRX Series and EX Series:

All versions earlier than 20.4R3-S9;
21.2 versions earlier than 21.2R3-S7;
21.3 versions earlier than 21.3R3-S5;
21.4 versions earlier than 21.4R3-S6;
22.1 versions earlier than 22.1R3-S5;
22.2 versions earlier than 22.2R3-S3;
22.3 versions earlier than 22.3R3-S2;
22.4 versions earlier than 22.4R3;
23.2 versions earlier than 23.2R1-S2, 23.2R2.

Affected configurations

Nvd

Node

juniperex_redundant_power_systemMatch-

juniperex_rpsMatch-

juniperex2200Match-

juniperex2200-cMatch-

juniperex2200-vcMatch-

juniperex2300Match-

juniperex2300-24mpMatch-

juniperex2300-24pMatch-

juniperex2300-24tMatch-

juniperex2300-48mpMatch-

juniperex2300-48pMatch-

juniperex2300-48tMatch-

juniperex2300-cMatch-

juniperex2300_multigigabitMatch-

juniperex2300mMatch-

juniperex3200Match-

juniperex3300Match-

juniperex3300-vcMatch-

juniperex3400Match-

juniperex4100Match-

juniperex4100-fMatch-

juniperex4100_multigigabitMatch-

juniperex4200Match-

juniperex4200-vcMatch-

juniperex4300Match-

juniperex4300-24pMatch-

juniperex4300-24p-sMatch-

juniperex4300-24tMatch-

juniperex4300-24t-sMatch-

juniperex4300-32fMatch-

juniperex4300-32f-dcMatch-

juniperex4300-32f-sMatch-

juniperex4300-48mpMatch-

juniperex4300-48mp-sMatch-

juniperex4300-48pMatch-

juniperex4300-48p-sMatch-

juniperex4300-48tMatch-

juniperex4300-48t-afiMatch-

juniperex4300-48t-dcMatch-

juniperex4300-48t-dc-afiMatch-

juniperex4300-48t-sMatch-

juniperex4300-48tafiMatch-

juniperex4300-48tdcMatch-

juniperex4300-48tdc-afiMatch-

juniperex4300-mpMatch-

juniperex4300-vcMatch-

juniperex4300_multigigabitMatch-

juniperex4300mMatch-

juniperex4400Match-

juniperex4400-24xMatch-

juniperex4400_multigigabitMatch-

juniperex4500Match-

juniperex4500-vcMatch-

juniperex4550Match-

juniperex4550-vcMatch-

juniperex4550\/vcMatch-

juniperex4600Match-

juniperex4600-vcMatch-

juniperex4650Match-

juniperex6200Match-

juniperex6210Match-

juniperex8200Match-

juniperex8200-vcMatch-

juniperex8208Match-

juniperex8216Match-

juniperex9200Match-

juniperex9204Match-

juniperex9208Match-

juniperex9214Match-

juniperex9250Match-

juniperex9251Match-

juniperex9253Match-

junipersrx100Match-

junipersrx110Match-

junipersrx1400Match-

junipersrx1500Match-

junipersrx1600Match-

junipersrx210Match-

junipersrx220Match-

junipersrx2300Match-

junipersrx240Match-

junipersrx240h2Match-

junipersrx240mMatch-

junipersrx300Match-

junipersrx320Match-

junipersrx340Match-

junipersrx3400Match-

junipersrx345Match-

junipersrx3600Match-

junipersrx380Match-

junipersrx4000Match-

junipersrx4100Match-

junipersrx4200Match-

junipersrx4300Match-

junipersrx4600Match-

junipersrx4700Match-

junipersrx5000Match-

junipersrx5400Match-

junipersrx550Match-

junipersrx550_hmMatch-

junipersrx550mMatch-

junipersrx5600Match-

junipersrx5800Match-

junipersrx650Match-

AND

juniperjunosRange<20.4

juniperjunosMatch20.4-

juniperjunosMatch20.4r1

juniperjunosMatch20.4r1-s1

juniperjunosMatch20.4r2

juniperjunosMatch20.4r2-s1

juniperjunosMatch20.4r2-s2

juniperjunosMatch20.4r3

juniperjunosMatch20.4r3-s1

juniperjunosMatch20.4r3-s2

juniperjunosMatch20.4r3-s3

juniperjunosMatch20.4r3-s4

juniperjunosMatch20.4r3-s5

juniperjunosMatch20.4r3-s6

juniperjunosMatch20.4r3-s7

juniperjunosMatch20.4r3-s8

juniperjunosMatch21.2-

juniperjunosMatch21.2r1

juniperjunosMatch21.2r1-s1

juniperjunosMatch21.2r1-s2

juniperjunosMatch21.2r2

juniperjunosMatch21.2r2-s1

juniperjunosMatch21.2r2-s2

juniperjunosMatch21.2r3

juniperjunosMatch21.2r3-s1

juniperjunosMatch21.2r3-s2

juniperjunosMatch21.2r3-s3

juniperjunosMatch21.2r3-s4

juniperjunosMatch21.2r3-s5

juniperjunosMatch21.2r3-s6

juniperjunosMatch21.3-

juniperjunosMatch21.3r1

juniperjunosMatch21.3r1-s1

juniperjunosMatch21.3r1-s2

juniperjunosMatch21.3r2

juniperjunosMatch21.3r2-s1

juniperjunosMatch21.3r2-s2

juniperjunosMatch21.3r3

juniperjunosMatch21.3r3-s1

juniperjunosMatch21.3r3-s2

juniperjunosMatch21.3r3-s3

juniperjunosMatch21.3r3-s4

juniperjunosMatch21.4-

juniperjunosMatch21.4r1

juniperjunosMatch21.4r1-s1

juniperjunosMatch21.4r1-s2

juniperjunosMatch21.4r2

juniperjunosMatch21.4r2-s1

juniperjunosMatch21.4r2-s2

juniperjunosMatch21.4r3

juniperjunosMatch21.4r3-s1

juniperjunosMatch21.4r3-s2

juniperjunosMatch21.4r3-s3

juniperjunosMatch21.4r3-s4

juniperjunosMatch21.4r3-s5

juniperjunosMatch22.1-

juniperjunosMatch22.1r1

juniperjunosMatch22.1r1-s1

juniperjunosMatch22.1r1-s2

juniperjunosMatch22.1r2

juniperjunosMatch22.1r2-s1

juniperjunosMatch22.1r2-s2

juniperjunosMatch22.1r3

juniperjunosMatch22.1r3-s1

juniperjunosMatch22.1r3-s2

juniperjunosMatch22.1r3-s3

juniperjunosMatch22.1r3-s4

juniperjunosMatch22.2-

juniperjunosMatch22.2r1

juniperjunosMatch22.2r1-s1

juniperjunosMatch22.2r1-s2

juniperjunosMatch22.2r2

juniperjunosMatch22.2r2-s1

juniperjunosMatch22.2r2-s2

juniperjunosMatch22.2r3

juniperjunosMatch22.2r3-s1

juniperjunosMatch22.2r3-s2

juniperjunosMatch22.3-

juniperjunosMatch22.3r1

juniperjunosMatch22.3r1-s1

juniperjunosMatch22.3r1-s2

juniperjunosMatch22.3r2

juniperjunosMatch22.3r2-s1

juniperjunosMatch22.3r2-s2

juniperjunosMatch22.3r3

juniperjunosMatch22.3r3-s1

juniperjunosMatch22.4-

juniperjunosMatch22.4r1

juniperjunosMatch22.4r1-s1

juniperjunosMatch22.4r1-s2

juniperjunosMatch22.4r2

juniperjunosMatch22.4r2-s1

juniperjunosMatch22.4r2-s2

juniperjunosMatch23.2-

juniperjunosMatch23.2r1

juniperjunosMatch23.2r1-s1

VendorProductVersionCPE
juniperex_redundant_power_system-cpe:2.3:h:juniper:ex_redundant_power_system:-:*:*:*:*:*:*:*
juniperex_rps-cpe:2.3:h:juniper:ex_rps:-:*:*:*:*:*:*:*
juniperex2200-cpe:2.3:h:juniper:ex2200:-:*:*:*:*:*:*:*
juniperex2200-c-cpe:2.3:h:juniper:ex2200-c:-:*:*:*:*:*:*:*
juniperex2200-vc-cpe:2.3:h:juniper:ex2200-vc:-:*:*:*:*:*:*:*
juniperex2300-cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*
juniperex2300-24mp-cpe:2.3:h:juniper:ex2300-24mp:-:*:*:*:*:*:*:*
juniperex2300-24p-cpe:2.3:h:juniper:ex2300-24p:-:*:*:*:*:*:*:*
juniperex2300-24t-cpe:2.3:h:juniper:ex2300-24t:-:*:*:*:*:*:*:*
juniperex2300-48mp-cpe:2.3:h:juniper:ex2300-48mp:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
juniper	ex_redundant_power_system	-	cpe:2.3:h:juniper:ex_redundant_power_system:-:::::::*
juniper	ex_rps	-	cpe:2.3:h:juniper:ex_rps:-:::::::*
juniper	ex2200	-	cpe:2.3:h:juniper:ex2200:-:::::::*
juniper	ex2200-c	-	cpe:2.3:h:juniper:ex2200-c:-:::::::*
juniper	ex2200-vc	-	cpe:2.3:h:juniper:ex2200-vc:-:::::::*
juniper	ex2300	-	cpe:2.3:h:juniper:ex2300:-:::::::*
juniper	ex2300-24mp	-	cpe:2.3:h:juniper:ex2300-24mp:-:::::::*
juniper	ex2300-24p	-	cpe:2.3:h:juniper:ex2300-24p:-:::::::*
juniper	ex2300-24t	-	cpe:2.3:h:juniper:ex2300-24t:-:::::::*
juniper	ex2300-48mp	-	cpe:2.3:h:juniper:ex2300-48mp:-:::::::*

Rows per page:

1-10 of 2001

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "SRX Series",
      "EX Series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "20.4R3-S9",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "21.2R3-S7",
        "status": "affected",
        "version": "21.2",
        "versionType": "semver"
      },
      {
        "lessThan": "21.3R3-S5",
        "status": "affected",
        "version": "21.3",
        "versionType": "semver"
      },
      {
        "lessThan": "21.4R3-S6",
        "status": "affected",
        "version": "21.4",
        "versionType": "semver"
      },
      {
        "lessThan": "22.1R3-S5",
        "status": "affected",
        "version": "22.1",
        "versionType": "semver"
      },
      {
        "lessThan": "22.2R3-S3",
        "status": "affected",
        "version": "22.2",
        "versionType": "semver"
      },
      {
        "lessThan": "22.3R3-S2",
        "status": "affected",
        "version": "22.3",
        "versionType": "semver"
      },
      {
        "lessThan": "22.4R3",
        "status": "affected",
        "version": "22.4",
        "versionType": "semver"
      },
      {
        "lessThan": "23.2R1-S2, 23.2R2",
        "status": "affected",
        "version": "23.2",
        "versionType": "semver"
      }
    ]
  }
]

References

supportportal.juniper.net/JSA76390

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

39.8%

JSON

Related for CVE-2024-21619