Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveJuniperCVE-2021-31385
HistoryOct 19, 2021 - 7:15 p.m.

CVE-2021-31385

2021-10-1919:15:11
CWE-22
juniper
web.nvd.nist.gov
36
cve
2021
31385
path traversal
vulnerability
juniper
j-web
junos os
nvd
security
information security

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

47.8%

JSON

An Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in J-Web of Juniper Networks Junos OS allows any low-privileged authenticated attacker to elevate their privileges to root. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2.

Affected configurations

Nvd
Node
juniperjunosMatch12.3-
OR
juniperjunosMatch12.3r1
OR
juniperjunosMatch12.3r10
OR
juniperjunosMatch12.3r10-s1
OR
juniperjunosMatch12.3r10-s2
OR
juniperjunosMatch12.3r11
OR
juniperjunosMatch12.3r12
OR
juniperjunosMatch12.3r12-s1
OR
juniperjunosMatch12.3r12-s10
OR
juniperjunosMatch12.3r12-s11
OR
juniperjunosMatch12.3r12-s12
OR
juniperjunosMatch12.3r12-s13
OR
juniperjunosMatch12.3r12-s14
OR
juniperjunosMatch12.3r12-s15
OR
juniperjunosMatch12.3r12-s16
OR
juniperjunosMatch12.3r12-s17
OR
juniperjunosMatch12.3r12-s18
OR
juniperjunosMatch12.3r12-s3
OR
juniperjunosMatch12.3r12-s4
OR
juniperjunosMatch12.3r12-s6
OR
juniperjunosMatch12.3r12-s8
OR
juniperjunosMatch12.3r2
OR
juniperjunosMatch12.3r3
OR
juniperjunosMatch12.3r4
OR
juniperjunosMatch12.3r5
OR
juniperjunosMatch12.3r6
OR
juniperjunosMatch12.3r7
OR
juniperjunosMatch12.3r8
OR
juniperjunosMatch12.3r9
OR
juniperjunosMatch15.1-
OR
juniperjunosMatch15.1a1
OR
juniperjunosMatch15.1f
OR
juniperjunosMatch15.1f1
OR
juniperjunosMatch15.1f2
OR
juniperjunosMatch15.1f2-s1
OR
juniperjunosMatch15.1f2-s2
OR
juniperjunosMatch15.1f2-s3
OR
juniperjunosMatch15.1f2-s4
OR
juniperjunosMatch15.1f3
OR
juniperjunosMatch15.1f4
OR
juniperjunosMatch15.1f5
OR
juniperjunosMatch15.1f5-s7
OR
juniperjunosMatch15.1f6
OR
juniperjunosMatch15.1f6-s1
OR
juniperjunosMatch15.1f6-s10
OR
juniperjunosMatch15.1f6-s12
OR
juniperjunosMatch15.1f6-s2
OR
juniperjunosMatch15.1f6-s3
OR
juniperjunosMatch15.1f6-s4
OR
juniperjunosMatch15.1f6-s5
OR
juniperjunosMatch15.1f6-s6
OR
juniperjunosMatch15.1f6-s7
OR
juniperjunosMatch15.1f6-s8
OR
juniperjunosMatch15.1f6-s9
OR
juniperjunosMatch15.1f7
OR
juniperjunosMatch15.1r
OR
juniperjunosMatch15.1r1
OR
juniperjunosMatch15.1r2
OR
juniperjunosMatch15.1r3
OR
juniperjunosMatch15.1r4
OR
juniperjunosMatch15.1r4-s7
OR
juniperjunosMatch15.1r4-s8
OR
juniperjunosMatch15.1r4-s9
OR
juniperjunosMatch15.1r5
OR
juniperjunosMatch15.1r5-s1
OR
juniperjunosMatch15.1r5-s3
OR
juniperjunosMatch15.1r5-s5
OR
juniperjunosMatch15.1r5-s6
OR
juniperjunosMatch15.1r6
OR
juniperjunosMatch15.1r6-s1
OR
juniperjunosMatch15.1r6-s2
OR
juniperjunosMatch15.1r6-s3
OR
juniperjunosMatch15.1r6-s4
OR
juniperjunosMatch15.1r6-s6
OR
juniperjunosMatch15.1r7
OR
juniperjunosMatch15.1r7-s1
OR
juniperjunosMatch15.1r7-s2
OR
juniperjunosMatch15.1r7-s3
OR
juniperjunosMatch15.1r7-s4
OR
juniperjunosMatch15.1r7-s5
OR
juniperjunosMatch15.1r7-s6
OR
juniperjunosMatch15.1r7-s7
OR
juniperjunosMatch15.1r7-s8
OR
juniperjunosMatch15.1r7-s9
OR
juniperjunosMatch18.3-
OR
juniperjunosMatch18.3r1
OR
juniperjunosMatch18.3r1-s1
OR
juniperjunosMatch18.3r1-s2
OR
juniperjunosMatch18.3r1-s3
OR
juniperjunosMatch18.3r1-s4
OR
juniperjunosMatch18.3r1-s5
OR
juniperjunosMatch18.3r1-s6
OR
juniperjunosMatch18.3r2
OR
juniperjunosMatch18.3r2-s1
OR
juniperjunosMatch18.3r2-s2
OR
juniperjunosMatch18.3r2-s3
OR
juniperjunosMatch18.3r2-s4
OR
juniperjunosMatch18.3r3
OR
juniperjunosMatch18.3r3-s1
OR
juniperjunosMatch18.3r3-s2
OR
juniperjunosMatch18.3r3-s3
OR
juniperjunosMatch18.3r3-s4
OR
juniperjunosMatch18.4-
OR
juniperjunosMatch18.4r1
OR
juniperjunosMatch18.4r1-s1
OR
juniperjunosMatch18.4r1-s2
OR
juniperjunosMatch18.4r1-s3
OR
juniperjunosMatch18.4r1-s4
OR
juniperjunosMatch18.4r1-s5
OR
juniperjunosMatch18.4r1-s6
OR
juniperjunosMatch18.4r1-s7
OR
juniperjunosMatch18.4r2
OR
juniperjunosMatch18.4r2-s1
OR
juniperjunosMatch18.4r2-s2
OR
juniperjunosMatch18.4r2-s3
OR
juniperjunosMatch18.4r2-s4
OR
juniperjunosMatch18.4r2-s5
OR
juniperjunosMatch18.4r2-s6
OR
juniperjunosMatch18.4r2-s7
OR
juniperjunosMatch18.4r2-s8
OR
juniperjunosMatch18.4r3
OR
juniperjunosMatch18.4r3-s1
OR
juniperjunosMatch18.4r3-s2
OR
juniperjunosMatch18.4r3-s3
OR
juniperjunosMatch18.4r3-s4
OR
juniperjunosMatch18.4r3-s5
OR
juniperjunosMatch18.4r3-s6
OR
juniperjunosMatch18.4r3-s7
OR
juniperjunosMatch18.4r3-s8
OR
juniperjunosMatch19.1-
OR
juniperjunosMatch19.1r1
OR
juniperjunosMatch19.1r1-s1
OR
juniperjunosMatch19.1r1-s2
OR
juniperjunosMatch19.1r1-s3
OR
juniperjunosMatch19.1r1-s4
OR
juniperjunosMatch19.1r1-s5
OR
juniperjunosMatch19.1r1-s6
OR
juniperjunosMatch19.1r2
OR
juniperjunosMatch19.1r2-s1
OR
juniperjunosMatch19.1r2-s2
OR
juniperjunosMatch19.1r3
OR
juniperjunosMatch19.1r3-s1
OR
juniperjunosMatch19.1r3-s2
OR
juniperjunosMatch19.1r3-s3
OR
juniperjunosMatch19.1r3-s4
OR
juniperjunosMatch19.1r3-s5
OR
juniperjunosMatch19.2-
OR
juniperjunosMatch19.2r1
OR
juniperjunosMatch19.2r1-s1
OR
juniperjunosMatch19.2r1-s2
OR
juniperjunosMatch19.2r1-s3
OR
juniperjunosMatch19.2r1-s4
OR
juniperjunosMatch19.2r1-s5
OR
juniperjunosMatch19.2r1-s6
OR
juniperjunosMatch19.2r2
OR
juniperjunosMatch19.2r2-s1
OR
juniperjunosMatch19.2r3
OR
juniperjunosMatch19.2r3-s1
OR
juniperjunosMatch19.2r3-s2
OR
juniperjunosMatch19.3-
OR
juniperjunosMatch19.3r1
OR
juniperjunosMatch19.3r1-s1
OR
juniperjunosMatch19.3r2
OR
juniperjunosMatch19.3r2-s1
OR
juniperjunosMatch19.3r2-s2
OR
juniperjunosMatch19.3r2-s3
OR
juniperjunosMatch19.3r2-s4
OR
juniperjunosMatch19.3r2-s5
OR
juniperjunosMatch19.3r3
OR
juniperjunosMatch19.3r3-s1
OR
juniperjunosMatch19.3r3-s2
OR
juniperjunosMatch19.4r1
OR
juniperjunosMatch19.4r1-s1
OR
juniperjunosMatch19.4r1-s2
OR
juniperjunosMatch19.4r1-s3
OR
juniperjunosMatch19.4r2
OR
juniperjunosMatch19.4r2-s1
OR
juniperjunosMatch19.4r2-s2
OR
juniperjunosMatch19.4r2-s3
OR
juniperjunosMatch19.4r2-s4
OR
juniperjunosMatch19.4r3
OR
juniperjunosMatch19.4r3-s1
OR
juniperjunosMatch19.4r3-s2
OR
juniperjunosMatch19.4r3-s3
OR
juniperjunosMatch19.4r3-s4
OR
juniperjunosMatch20.1r1
OR
juniperjunosMatch20.1r1-s1
OR
juniperjunosMatch20.1r1-s2
OR
juniperjunosMatch20.1r1-s3
OR
juniperjunosMatch20.1r1-s4
OR
juniperjunosMatch20.1r2
OR
juniperjunosMatch20.1r2-s1
OR
juniperjunosMatch20.1r3
OR
juniperjunosMatch20.2r1
OR
juniperjunosMatch20.2r1-s1
OR
juniperjunosMatch20.2r1-s2
OR
juniperjunosMatch20.2r1-s3
OR
juniperjunosMatch20.2r2
OR
juniperjunosMatch20.2r2-s1
OR
juniperjunosMatch20.2r2-s2
OR
juniperjunosMatch20.2r2-s3
OR
juniperjunosMatch20.2r3
OR
juniperjunosMatch20.2r3-s1
OR
juniperjunosMatch20.3r1
OR
juniperjunosMatch20.3r1-s1
OR
juniperjunosMatch20.3r2
OR
juniperjunosMatch20.3r2-s1
OR
juniperjunosMatch20.4r1
OR
juniperjunosMatch20.4r1-s1
OR
juniperjunosMatch20.4r2
OR
juniperjunosMatch21.1r1
VendorProductVersionCPE
juniperjunos12.3cpe:2.3:o:juniper:junos:12.3:-:*:*:*:*:*:*
juniperjunos12.3cpe:2.3:o:juniper:junos:12.3:r1:*:*:*:*:*:*
juniperjunos12.3cpe:2.3:o:juniper:junos:12.3:r10:*:*:*:*:*:*
juniperjunos12.3cpe:2.3:o:juniper:junos:12.3:r10-s1:*:*:*:*:*:*
juniperjunos12.3cpe:2.3:o:juniper:junos:12.3:r10-s2:*:*:*:*:*:*
juniperjunos12.3cpe:2.3:o:juniper:junos:12.3:r11:*:*:*:*:*:*
juniperjunos12.3cpe:2.3:o:juniper:junos:12.3:r12:*:*:*:*:*:*
juniperjunos12.3cpe:2.3:o:juniper:junos:12.3:r12-s1:*:*:*:*:*:*
juniperjunos12.3cpe:2.3:o:juniper:junos:12.3:r12-s10:*:*:*:*:*:*
juniperjunos12.3cpe:2.3:o:juniper:junos:12.3:r12-s11:*:*:*:*:*:*
Rows per page:
1-10 of 2111

CNA Affected

[
  {
    "platforms": [
      "EX Series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "12.3R12-S19",
        "status": "affected",
        "version": "12.3",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "15.1R7-S10",
        "status": "affected",
        "version": "15.1",
        "versionType": "custom"
      },
      {
        "lessThan": "18.3R3-S5",
        "status": "affected",
        "version": "18.3",
        "versionType": "custom"
      },
      {
        "lessThan": "18.4R3-S9",
        "status": "affected",
        "version": "18.4",
        "versionType": "custom"
      },
      {
        "lessThan": "19.1R3-S6",
        "status": "affected",
        "version": "19.1",
        "versionType": "custom"
      },
      {
        "lessThan": "19.2R1-S7, 19.2R3-S3",
        "status": "affected",
        "version": "19.2",
        "versionType": "custom"
      },
      {
        "lessThan": "19.3R3-S3",
        "status": "affected",
        "version": "19.3",
        "versionType": "custom"
      },
      {
        "lessThan": "19.4R3-S5",
        "status": "affected",
        "version": "19.4",
        "versionType": "custom"
      },
      {
        "lessThan": "20.1R2-S2, 20.1R3-S1",
        "status": "affected",
        "version": "20.1",
        "versionType": "custom"
      },
      {
        "lessThan": "20.2R3-S2",
        "status": "affected",
        "version": "20.2",
        "versionType": "custom"
      },
      {
        "lessThan": "20.3R3",
        "status": "affected",
        "version": "20.3",
        "versionType": "custom"
      },
      {
        "lessThan": "20.4R2-S1, 20.4R3",
        "status": "affected",
        "version": "20.4",
        "versionType": "custom"
      },
      {
        "lessThan": "21.1R1-S1, 21.1R2",
        "status": "affected",
        "version": "21.1",
        "versionType": "custom"
      }
    ]
  }
]

Related

nessus 1
nvd 1
prion 1
cvelist 1
nessus
nessus
Juniper Junos OS Vulnerability (JSA11253)
2022-06-08 00:00:00
nvd
nvd
CVE-2021-31385
2021-10-19 19:15:11
prion
prion
Path traversal
2021-10-19 19:15:00
cvelist
cvelist
CVE-2021-31385 Junos OS: J-Web: A path traversal vulnerability allows an authenticated attacker to elevate their privileges to root
2021-10-19 18:17:30

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

47.8%

JSON
Related for CVE-2021-31385
nessus1nvd1prion1cvelist1