First published: Thu Apr 22 2021(Updated: )
A path traversal vulnerability in the Juniper Networks SRX and vSRX Series may allow an authenticated J-web user to read sensitive system files. This issue affects Juniper Networks Junos OS on SRX and vSRX Series: 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S3, 20.2R2; This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1.
Credit: sirt@juniper.net
Affected Software | Affected Version | How to fix |
---|---|---|
Juniper JUNOS | =19.3 | |
Juniper JUNOS | =19.3-r1 | |
Juniper JUNOS | =19.3-r1-s1 | |
Juniper JUNOS | =19.3-r2 | |
Juniper JUNOS | =19.3-r2-s1 | |
Juniper JUNOS | =19.3-r2-s2 | |
Juniper JUNOS | =19.3-r2-s3 | |
Juniper JUNOS | =19.3-r2-s4 | |
Juniper JUNOS | =19.3-r2-s5 | |
Juniper JUNOS | =19.3-r3 | |
Juniper JUNOS | =19.4-r1 | |
Juniper JUNOS | =19.4-r1-s1 | |
Juniper JUNOS | =19.4-r1-s2 | |
Juniper JUNOS | =19.4-r2 | |
Juniper JUNOS | =19.4-r2-s1 | |
Juniper JUNOS | =19.4-r2-s2 | |
Juniper JUNOS | =19.4-r2-s3 | |
Juniper JUNOS | =20.1-r1 | |
Juniper JUNOS | =20.1-r1-s1 | |
Juniper JUNOS | =20.1-r1-s2 | |
Juniper JUNOS | =20.1-r1-s3 | |
Juniper JUNOS | =20.2-r1 | |
Juniper JUNOS | =20.2-r1-s1 | |
Juniper JUNOS | =20.2-r1-s2 | |
Juniper vSRX | ||
Juniper Srx1500 | ||
Juniper Srx300 | ||
Juniper Srx320 | ||
Juniper Srx340 | ||
Juniper Srx345 | ||
Juniper Srx380 | ||
Juniper Srx4100 | ||
Juniper Srx4200 | ||
Juniper Srx4600 | ||
Juniper Srx5400 | ||
Juniper Srx550 | ||
Juniper Srx5600 | ||
Juniper Srx5800 |
The following software releases have been updated to resolve this specific issue: 19.3R2-S6, 19.3R3-S1, 19.4R2-S4, 19.4R3, 20.1R1-S4, 20.1R2, 20.2R1-S3, 20.2R2, 20.3R1, and all subsequent releases.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-0231 is a path traversal vulnerability in the Juniper Networks SRX and vSRX Series that may allow an authenticated J-web user to read sensitive system files.
Junos OS versions 19.3 prior to 19.3R2-S6, 19.3R3-S1 and 19.4 prior to 19.4R2-S4, 19.4R3 are affected by CVE-2021-0231.
An authenticated J-web user can exploit CVE-2021-0231 by performing a path traversal attack to read sensitive system files.
CVE-2021-0231 has a severity score of 6.5 (medium).
You can find more information about CVE-2021-0231 in the Juniper Networks Security Advisories page.