Vulnerability identifier: #VU27430

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C]

CVE-ID: CVE-2020-1631

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Juniper Junos OS
Operating systems & Components / Operating system

Vendor: Juniper Networks, Inc.

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in the HTTP/HTTPS service used by J-Web. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Note: Using this vulnerability, an attacker may be able to inject commands into the httpd.log, read files with "world" readable file permission or obtain J-Web session tokens.  

Mitigation
Vendor recommends to update to the following fixed releases available for customer download: 12.3X48-D101, 15.1X49-D211, 18.2R3-S4, 18.4R3-S2, and 20.1R1-S1, the remaining fixed releases will be available in future time.

Vulnerable software versions

Juniper Junos OS: 12.3, 12.3x48 - 12.3X48-D100, 14.1x53 - 14.1X53-D130, 15.1 - 15.1R7-S5, 15.1X49-D210, 15.1X49 - 15.1X49-D200, 17.2 - 17.2R3-S3, 17.3 - 17.3R3-S7, 17.4 - 17.4R3-S1, 17.4R2-S9, 18.1 - 18.1R4, 18.2 - 18.2R3-S3, 18.3 - 18.3R3, 18.3R3-S1, 18.3R2-S3, 18.4 - 18.4R3-S1, 18.4R2-S3, 18.4R1-S5, 19.1R - 19.1R3, 19.1R1-S4, 19.2R1-S4, 19.2R1 - 19.2R1-S3, 19.3R2 - 19.3R2-S1, 19.3R1-S1, 19.3R1, 19.4R1, 20.1

---

External links
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11021&cat=SIRT_1&actp=LIST

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.