CVE-2021-31386

Severity

53%

Complexity

16%

Confidentiality

60%

A Protection Mechanism Failure vulnerability in the J-Web HTTP service of Juniper Networks Junos OS allows a remote unauthenticated attacker to perform Person-in-the-Middle (PitM) attacks against the device. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S20; 15.1 versions prior to 15.1R7-S11; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2.

CVSS 3.1 Base Score 5.3. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).

CVSS 3.1 Base Score 5.9. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

CVSS 2.0 Base Score 2.6. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N).

Overview

Type

Juniper

First reported 3 years ago

2021-10-19 19:15:00

Last updated 3 years ago

2021-10-25 17:17:00

Affected Software

Juniper JUNOS 12.3

12.3

Juniper Junos 12.3 R1

12.3

Juniper JunOS 12.3 R10

12.3

Juniper JUNOS 12.3 R10-S1

12.3

Juniper JUNOS 12.3 R10-S2

12.3

Juniper Junos 12.3 R11

12.3

Juniper JunOS 12.3 R12

12.3

Juniper JUNOS 12.3 R12-S1

12.3

Juniper JUNOS 12.3 R12-S11

12.3

Juniper JUNOS 12.3 R12-S12

12.3

Juniper JUNOS 12.3 R12-s13

12.3

Juniper JUNOS 12.3 R12-S14

12.3

Juniper JUNOS 12.3 R12-S15

12.3

Juniper JUNOS 12.3 R12-S3

12.3

Juniper JUNOS 12.3 R12-S4

12.3

Juniper JUNOS 12.3 R12-S6

12.3

Juniper Junos 12.3 R12-s8

12.3

Juniper Junos 12.3 R2

12.3

Juniper Junos 12.3 R3

12.3

Juniper Junos 12.3 R4

12.3

Juniper Junos 12.3 R5

12.3

Juniper Junos 12.3 R6

12.3

Juniper JUNOS 12.3R7

12.3

Juniper Junos 12.3 R8

12.3

Juniper JunOS 12.3 R9

12.3

Juniper Junos OS 15.1

15.1

Juniper Junos 15.1 A1

15.1

Juniper JUNOS 15.1 F

15.1

Juniper JunOS 15.1 F1

15.1

Juniper JunOS 15.1 F2

15.1

Juniper JunOS 15.1 F2-s1

15.1

Juniper Junos 15.1 F2-S2

15.1

Juniper Junos 15.1 F2-S3

15.1

Juniper Junos 15.1 F2-S4

15.1

Juniper Junos 15.1 F3

15.1

Juniper Junos 15.1 F4

15.1

Juniper Junos 15.1 F5

15.1

Juniper Junos 15.1 F5-S7

15.1

Juniper JUNOS 15.1 F6

15.1

Juniper JUNOS 15.1 F6-s1

15.1

Juniper Junos OS 15.1 F6-s12

15.1

Juniper JUNOS 15.1 F6-s2

15.1

Juniper JUNOS 15.1 F6-S3

15.1

Juniper Junos 15.1 F6-S4

15.1

Juniper Junos 15.1 F6-S7

15.1

Juniper JunOS 15.1 F7

15.1

Juniper Junos 15.1 R1

15.1

Juniper JunOS 15.1 R2

15.1

Juniper Junos 15.1 R3

15.1

Juniper JunOS 15.1 R4

15.1

Juniper Junos 15.1 R4-S7

15.1

Juniper Junos 15.1 R4-S8

15.1

Juniper Junos 15.1 R4-S9

15.1

Juniper JunOS 15.1 R5

15.1

Juniper Junos 15.1 R5-S1

15.1

Juniper Junos 15.1 R5-S5

15.1

Juniper JUNOS 15.1 R5-S6

15.1

Juniper JunOS 15.1 R6

15.1

Juniper Junos 15.1 R6-S1

15.1

Juniper JUNOS 15.1 R6-S2

15.1

Juniper Junos 15.1 R6-S6

15.1

Juniper Junos OS 15.1 R7

15.1

Juniper JUNOS 15.1 R7-S1

15.1

Juniper JUNOS 15.1 R7-S2

15.1

Juniper JUNOS 15.1 R7-S3

15.1

Juniper Junos OS 15.1 R7-s4

15.1

Juniper Junos OS 15.1 R7-s5

15.1

Juniper JUNOS 18.3

18.3

Juniper JUNOS 18.3 R1

18.3

Juniper JUNOS 18.3 R1-S1

18.3

Juniper JUNOS 18.3 R1-S2

18.3

Juniper JUNOS 18.3R1-S3

18.3

Juniper JUNOS 18.3 R1-S5

18.3

Juniper JUNOS 18.3 R1-S6

18.3

Juniper JUNOS 18.3 R2

18.3

Juniper JUNOS 18.3 R2-S1

18.3

Juniper JUNOS 18.3 R2-S2

18.3

Juniper JUNOS 18.3 R2-S3

18.3

Juniper JUNOS 18.3 R3

18.3

Juniper JUNOS 18.3 R3-S1

18.3

Juniper JUNOS 18.4

18.4

Juniper JunOS 18.4 R1

18.4

Juniper Junos OS 18.4 R1-S1

18.4

Juniper JUNOS 18.4R1-S2

18.4

Juniper JUNOS 18.4 R1-S5

18.4

Juniper JUNOS 18.4 R1-S6

18.4

Juniper JUNOS 18.4R2

18.4

Juniper JUNOS 18.4 R2-S1

18.4

Juniper JUNOS 18.4 R2-S2

18.4

Juniper JUNOS 18.4 R2-S3

18.4

Juniper JUNOS 18.4 R3

18.4

Juniper Junos OS 19.1

19.1

Juniper Junos OS 19.1 R1

19.1

Juniper Junos OS 19.1 R1-s1

19.1

Juniper JUNOS 19.1 R1-S2

19.1

Juniper JUNOS 19.1 R1-S3

19.1

Juniper JUNOS 19.1 R1-S4

19.1

Juniper Junos OS 19.1 R2

19.1

Juniper Junos OS 19.2

19.2

Juniper Junos OS 19.2 R1

19.2

Juniper JUNOS 19.2 R1-S1

19.2

Juniper JUNOS 19.2 R1-S2

19.2

Juniper JUNOS 19.2 R1-S3

19.2

Juniper JUNOS 19.3

19.3

Juniper JUNOS 19.3 R1

19.3

Juniper JUNOS 19.3 R1-S1

19.3

Juniper JUNOS 19.3 R2

19.3

Juniper JUNOS 19.3 R2-S1

19.3

Juniper JUNOS 19.3 R2-S2

19.3

Juniper JUNOS 19.4 R1

19.4

Juniper JUNOS 19.4 R1-S1

19.4

Juniper JUNOS 20.1 R1

20.1

References

https://kb.juniper.net/JSA11254

https://kb.juniper.net/JSA11254

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.