A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based malicious user to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series: * All versions before 20.4R3-S8; * 21.1 versions 21.1R1 and later; * 21.2 versions before 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
juniper junos |
||
juniper junos 20.4 |
||
juniper junos 21.1 |
||
juniper junos 21.2 |
||
juniper junos 21.3 |
||
juniper junos 21.4 |
||
juniper junos 22.1 |
||
juniper junos 22.2 |
||
juniper junos 22.3 |
||
juniper junos 22.4 |
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Unauthenticated and remote code execution possible without dropping a file on disk
About 79 percent of public-facing Juniper SRX firewalls remain vulnerable to a single security flaw can allow an unauthenticated attacker to remotely execute code on the devices, according to threat intelligence platform provider VulnCheck. Juniper revealed and addressed five flaws, which affect all versions of Junos OS on SRX firewalls and EX Series switches, in an out-of-cycle security bulletin on August 17. The networking and security company updated the advisory on September 7, after securit...