CVE-2021-31385 — Path Traversal in Networks Junos OS

CWE-22 — Path Traversal4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.7%

top 27.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedOct 19

Latest updateMay 24

Description

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in J-Web of Juniper Networks Junos OS allows any low-privileged authenticated attacker to elevate their privileges to root. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions pr…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os12.3 — 12.3R12-S19+12

▶NVDjuniper/junos13 versions+12

🔴Vulnerability Details

GHSA

GHSA-7hfm-wr9w-6fgj: An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in J-Web of Juniper Networks Junos OS allows any low-p↗2022-05-24

▶

CVEList

Junos OS: J-Web: A path traversal vulnerability allows an authenticated attacker to elevate their privileges to root↗2021-10-19

▶

📋Vendor Advisories

Juniper

CVE-2021-31385: An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in J-Web of Juniper Networks Junos OS allows any low-p↗2021-10-19

▶