Path traversal in Juniper Junos OS - CVE-2021-31385
Published: January 17, 2022
Vulnerability identifier: #VU59635
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-31385
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Juniper Junos OS
Juniper Junos OS
Software vendor:
Juniper Networks, Inc.
Juniper Networks, Inc.
Description
The vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in J-Web. A remote low-privileged user can send a specially crafted HTTP request and read arbitrary files on the system.
Successful vulnerability exploitation may allow an attacker to execute arbitrary code with root privileges.
Remediation
Install update from vendor's website.