CVE-2021-0269: Improper Handling of Parameters in Juniper Networks Junos OS

Severity: 8.8 HIGH (NVD)
EPSS: 0.4% (top 40.84%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 22; latest update May 24

Description

The improper handling of client-side parameters in J-Web of Juniper Networks Junos OS allows an attacker to perform a number of different malicious actions against a target device when a user is authenticated to J-Web. An attacker may be able to supersede existing parameters, including hardcoded parameters within the HTTP/S session, access and exploit variables, bypass web application firewall rules or input validation mechanisms, and otherwise alter and modify J-Web's normal behavior. An attack

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: juniper_networks/junos_os, unspecified, 17.4R3-S3, +10
NVD: juniper/junos, 11 versions, +10

🔴 Vulnerability Details (2)

GHSA: GHSA-jf9f-q955-wjwx: The improper handling of client-side parameters in J-Web of Juniper Networks Junos OS allows an attacker to perform a number of different malicious ac… (2022-05-24)
CVEList: Junos OS: J-Web can be compromised through reflected client-side HTTP parameter pollution attacks. (2021-04-22)

📋 Vendor Advisories (1)

Juniper: CVE-2021-0269: The improper handling of client-side parameters in J-Web of Juniper Networks Junos OS allows an attacker to perform a number of different malicious ac… (2021-04-22)
CVE-2021-0269 — Improper Handling of Parameters | cvebase