CVE-2021-0269
published 2021-04-22CVE-2021-0269: The improper handling of client-side parameters in J-Web of Juniper Networks Junos OS allows an attacker to perform a number of different malicious actions…
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
The improper handling of client-side parameters in J-Web of Juniper Networks Junos OS allows an attacker to perform a number of different malicious actions against a target device when a user is authenticated to J-Web. An attacker may be able to supersede existing parameters, including hardcoded parameters within the HTTP/S session, access and exploit variables, bypass web application firewall rules or input validation mechanisms, and otherwise alter and modify J-Web's normal behavior. An attacker may be able to transition victims to malicious web services, or exfiltrate sensitive information from otherwise secure web forms. This issue affects: Juniper Networks Junos OS: All versions prior to 17.4R3-S3; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| juniper | j-web | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos_os | — | — |
| juniper_networks | junos_os | >= 18.1 < 18.1R3-S12 | 18.1R3-S12 |
| juniper_networks | junos_os | >= 18.2 < 18.2R3-S6 | 18.2R3-S6 |
| juniper_networks | junos_os | >= 18.3 < 18.3R3-S4 | 18.3R3-S4 |
| juniper_networks | junos_os | >= 18.4 < 18.4R3-S6 | 18.4R3-S6 |
| juniper_networks | junos_os | >= 19.1 < 19.1R3-S4 | 19.1R3-S4 |
| juniper_networks | junos_os | >= 19.2 < 19.2R3-S1 | 19.2R3-S1 |
| juniper_networks | junos_os | >= 19.3 < 19.3R3-S1 | 19.3R3-S1 |
| juniper_networks | junos_os | >= 19.4 < 19.4R2-S2, 19.4R3 | 19.4R2-S2, 19.4R3 |
| juniper_networks | junos_os | >= 20.1 < 20.1R2 | 20.1R2 |
| juniper_networks | junos_os | >= 20.2 < 20.2R2 | 20.2R2 |
| juniper_networks | junos_os | >= unspecified < 17.4R3-S3 | 17.4R3-S3 |
GHSA
GHSA-jf9f-q955-wjwx: The improper handling of client-side parameters in J-Web of Juniper Networks Junos OS allows an attacker to perform a number of different malicious ac
ghsa_unreviewed·2022-05-24
CVE-2021-0269 [HIGH] GHSA-jf9f-q955-wjwx: The improper handling of client-side parameters in J-Web of Juniper Networks Junos OS allows an attacker to perform a number of different malicious ac
The improper handling of client-side parameters in J-Web of Juniper Networks Junos OS allows an attacker to perform a number of different malicious actions against a target device when a user is authenticated to J-Web. An attacker may be able to supersede existing parameters, including hardcoded parameters within the HTTP/S session, access and exploit variables, bypass web application firewall rules or input validation mechanisms, and otherwise alter and modify J-Web's normal behavior. An attacker may be able to transition victims to malicious web services, or exfiltrate sensitive information from otherwise secure web forms. This issue affects: Juniper Networks Junos OS: All versions prior to 17.4R3-S3; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S6; 18.3 versions prio
Juniper
CVE-2021-0269: The improper handling of client-side parameters in J-Web of Juniper Networks Junos OS allows an attacker to perform a number of different malicious ac
vendor_juniper·2021-04-22·CVSS 8.8
CVE-2021-0269 [HIGH] CWE-233 CVE-2021-0269: The improper handling of client-side parameters in J-Web of Juniper Networks Junos OS allows an attacker to perform a number of different malicious ac
CVE-2021-0269: The improper handling of client-side parameters in J-Web of Juniper Networks Junos OS allows an attacker to perform a number of different malicious actions against a target device when a user is authenticated to J-Web. An attacker may be able to supersede existing parameters, including hardcoded parameters within the HTTP/S session, access and exploit variables, bypass web application firewall rules or input validation mechanisms, and otherwise alter and modify J-Web's normal behavior. An attacker may be able to transition victims to malicious web services, or exfiltrate sensitive information from otherwise secure web forms. This issue affects: Juniper Networks Junos OS: All versions prior to 17.4R3-S3; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S6; 18.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-04-22
Published