CVE-2021-31349

Summary

The usage of an internal HTTP header created an authentication bypass vulnerability (CWE-287), allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code. This issue affects all Juniper Networks 128 Technology Session Smart Router versions prior to 4.5.11, and all versions of 5.0 up to and including 5.0.1.

Affected Software

VendorProductVersion RangeStatus
Juniper Networks128 Technology Session Smart Routerunspecified < 4.5.11affected
Juniper Networks128 Technology Session Smart Router5.0 <= 5.0.1affected

Weaknesses

  • CWE-287: CWE-287 Improper Authentication

Workarounds

While no workarounds exist for this vulnerability, risk exposure can be mitigated. HTTP access to the SSR occurs on TCP port 443. It is recommended to install firewall rules to permit access only from trusted IP addresses.

ADP Enrichment

CVE Program Container

Additional References

References