CVSS3
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: NONE
- Scope: UNCHANGED
- Confidentiality Impact: NONE
- Integrity Impact: LOW
- Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score
- Confidence: High

EPSS
- Percentile: 83.9%

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.
With a specific request to user.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities.
This issue affects Juniper Networks Junos OS on SRX Series:
- prior to 21.3R3-S5;
- prior to 21.4R3-S5;
- prior to 22.1R3-S3;
- prior to 22.2R3-S2;
- prior to 22.3R2-S2, 22.3R3;
- prior to 22.4R2-S1, 22.4R3.

Vendor | Product | Version | CPE |
---|---|---|---|
juniper | srx100 | - | cpe:2.3:h:juniper:srx100:-:*:*:*:*:*:*:* |
juniper | srx110 | - | cpe:2.3:h:juniper:srx110:-:*:*:*:*:*:*:* |
juniper | srx1400 | - | cpe:2.3:h:juniper:srx1400:-:*:*:*:*:*:*:* |
juniper | srx1500 | - | cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:* |
juniper | srx210 | - | cpe:2.3:h:juniper:srx210:-:*:*:*:*:*:*:* |
juniper | srx220 | - | cpe:2.3:h:juniper:srx220:-:*:*:*:*:*:*:* |
juniper | srx240 | - | cpe:2.3:h:juniper:srx240:-:*:*:*:*:*:*:* |
juniper | srx240h2 | - | cpe:2.3:h:juniper:srx240h2:-:*:*:*:*:*:*:* |
juniper | srx240m | - | cpe:2.3:h:juniper:srx240m:-:*:*:*:*:*:*:* |
juniper | srx300 | - | cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:* |