Session Smart Router: Authentication Bypass Vulnerability
CVE-2021-31349

9.8CRITICAL

Key Information:

Vendor: Juniper Networks
Status: 128 Technology Session Smart Router
Vendor: CVE Published:; 19 October 2021

Summary

The usage of an internal HTTP header created an authentication bypass vulnerability (CWE-287), allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code. This issue affects all Juniper Networks 128 Technology Session Smart Router versions prior to 4.5.11, and all versions of 5.0 up to and including 5.0.1.

Affected Version(s)

128 Technology Session Smart Router < 4.5.11

128 Technology Session Smart Router 5.0 <= 5.0.1

References

https://kb.juniper.net/JSA11256

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 19, 2021
Vulnerability Reserved
Apr 15, 2021

Collectors

NVD DatabaseMitre Database

Credit

128 Technology was notified via the JVN community of the vulnerability as JVN#85073657.