Juniper Junos OS Vulnerability (JSA100098)

🗓️ 07 Oct 2025 00:00:00Reported by TenableType

Incorrect Authorization in Junos OS web server on SRX allows unauthenticated access to J-Web when Secure Connect is enabled.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-6549	11 Jul 202516:20	–	circl
CNNVD	Juniper Networks Junos OS 安全漏洞	11 Jul 202500:00	–	cnnvd
CVE	CVE-2025-6549	11 Jul 202515:11	–	cve
Cvelist	CVE-2025-6549 Junos OS: SRX Series: J-Web can be exposed on additional interfaces	11 Jul 202515:11	–	cvelist
EUVD	EUVD-2025-21166	3 Oct 202520:07	–	euvd
NVD	CVE-2025-6549	11 Jul 202516:15	–	nvd
OSV	CVE-2025-6549	11 Jul 202516:15	–	osv
Positive Technologies	PT-2025-29259 · Juniper Networks · J-Web +2	9 Jul 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-6549	13 Jul 202515:20	–	redhatcve
Vulnrichment	CVE-2025-6549 Junos OS: SRX Series: J-Web can be exposed on additional interfaces	11 Jul 202515:11	–	vulnrichment

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#TRUSTED 36cab2cb28a2093137e95f60036a10f7d1efb0866396f96e28f499fc0aa4008b215e80560ed1f612ecae1165638af7a09770964a0eafdee766fc0620115eb30f152a77921c181587267d14581091c35003ae8611de85864dc7b9142b59269cb805b34e7bc9d316bc110938c248664814931ae90a5a862a1818a3e3089dca68baf774836a2825fa37611c6521cd343a0e033dc74f2e26b0dff1c4398c9e77d16da6aaa0f851223798392938cdb7b78e2f4f9ce6b68caed84ad93f0b75d2f080cf8ea35a8d696c29690289ac814d9388e0371f136e9209a594c6698ac26e18d8eacc9729c49569c94cac9de77888c8021d7ee4b6a03f29c8512cda8299c0ada063aa1b06b1962d093e28b0925e37186924a847029a33024c2bd9cb3ef4f11b9fa61a4ef6ebd074c03c38993703f43188ca77252708fecfc4d02a656149dd6529a2ed834b2d62eb25b2da6b5cf5e5176f99fcb2de45ab37eccd43f54d3021a9bba07a24f3eeb9c1f74d0ba3e33fb889214284fa2fffd7c5cf496d1e68d4692d7fbfcd1fecb007433f7fa36646ffb8e2281ef4970fa1415e8d68433c95516406595046196d4a68a3e35d053df59502eadc3cac22f34f35f43978f971bbe89e4ad8922a8987940454992d535985bd18a98eea5fb1b600db3d09eef348da06e01458d738703e562eb0e3ba17a7d27337c4606335ab419b23fcf99294fa25fc729a138b
#TRUST-RSA-SHA256 6fb3756fb9643cf61f099c02c25e98b75f5bb45fbd0285098dbe3596dbd9666964335e6475deed514f42a7e17fe5bdf9b909ab2d46e3cbde401b16d3a1e72f0b9633147cfdeedb570875e82572d7968a1eb91f10c6e10675a6b2c8d78b12b4f931b89030310566bcbb8eb026d7f561640949e41f9af0adee7d54465315e4eb403c4eea712390d6ea1c377f3c32d449130dfca7c21ea8b0543ebd69bfd48c8efde7fc73770883d611847217d5c46d96c5606dbfa139030173e8c04a4ef9b219f0a666d29574efd9037cdd09b4e851fc16b29cf94fcc3dbc836c676ed193546f00a8b6622f89295ab5e0109f8f53e3c3d11e9c6b0e8170a99574b35239fadc472df4a4f6c8fa89a15a2a74f576b06685322cddc44a3d7191603a345811c5b014fa3a7f3e803a59f4de8e348ceabbc42c0c8f17f740b63f8683713c099798db057e4b0ca1ce797b368d35e9a51525780a987361919966b330102f0f5f9c400ffda4c0d165452b8021fd7036065b03ba62ae6517aa5109e8ef7142b256e6b57269d846fd9489d13dcb476e6a14426863fff839cde9f15919d3f793cb19067bbfbafb648dec06452ef394090762d13f17bf6a49bdead51d9e1f5938638027540c7a359df04d8f6619b21b9a0b9e2eb5cbfbb66d61f92e4765d571ba374922191d11320b6e2e94723e2da59b96c39e13c0ad067d2a41118c4d9a39d0207cdf1b993efa
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(269213);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/10/07");

  script_cve_id("CVE-2025-6549");
  script_xref(name:"JSA", value:"JSA100098");

  script_name(english:"Juniper Junos OS Vulnerability (JSA100098)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA100098
advisory.

  - An Incorrect Authorization vulnerability in the web server of Juniper Networks Junos OS on SRX Series
    allows an unauthenticated, network-based attacker to reach the Juniper Web Device Manager (J-Web). When
    Juniper Secure connect (JSC) is enabled on specific interfaces, or multiple interfaces are configured for
    J-Web, the J-Web UI is reachable over more than the intended interfaces. This issue affects Junos OS: *
    all versions before 21.4R3-S9, * 22.2 versions before 22.2R3-S5, * 22.4 versions before 22.4R3-S5, * 23.2
    versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S5, * 24.2 versions before 24.2R2.
    (CVE-2025-6549)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-SRX-Series-J-Web-can-be-exposed-on-additional-interfaces-CVE-2025-6549
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d8f02a61");
  script_set_attribute(attribute:"solution", value:
"Apply the relevant Junos software release referenced in Juniper advisory JSA100098");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_supplemental", value:"CVSS:4.0/AU:Y/R:U/RE:M");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-6549");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/07/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/07/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/10/07");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Junos Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("junos_version.nasl");
  script_require_keys("Host/Juniper/JUNOS/Version");

  exit(0);
}

include('junos.inc');
include('junos_kb_cmd_func.inc');


var ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');

var vuln_ranges = [
  {'min_ver':'0.0',  'fixed_ver':'21.4R3-S9'},
  {'min_ver':'22.2', 'fixed_ver':'22.2R3-S5'},
  {'min_ver':'22.4', 'fixed_ver':'22.4R3-S5'},
  {'min_ver':'23.2', 'fixed_ver':'23.2R2-S3'},
  {'min_ver':'23.4', 'fixed_ver':'23.4R2-S5'},
  {'min_ver':'24.2', 'fixed_ver':'24.2R2'}
];

var override = TRUE;
var buf = junos_command_kb_item(cmd:'show configuration | display set');
var fix = junos_compare_range(target_version:ver, vuln_ranges:vuln_ranges);
if (empty_or_null(fix)) audit(AUDIT_INST_VER_NOT_VULN, 'Junos OS', ver);
if (buf)
{
  var conf1 = junos_check_config(buf:buf, pattern:"^set system services web-management (http|https) interface(?:.*\\n)*?.*set system services web-management (http|https) interface");
  var conf2 = junos_check_config(buf:buf, pattern:"^set security ike gateway\\s+\\S+\\s+external-interface\\s+\\S+(?:.*\\n)*?.*set security ike gateway\\s+\\S+\\s+external-interface");
  if (!(conf1 || conf2))
    audit(AUDIT_OS_CONF_NOT_VULN, 'Junos OS');
  override = FALSE;
}


junos_report(ver:ver, fix:fix, override:override, severity:SECURITY_WARNING);

07 Oct 2025 00:00Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.16.5

CVSS 46.9

EPSS0.00231

SSVC

junos os srx series web server j web incorrect authorization unauthenticated access secure connect interfaces