CVE-2021-31349: Session Smart Router: Authentication Bypass Vulnerability
First published: Wed Oct 13 2021(Updated: )
The usage of an internal HTTP header created an authentication bypass vulnerability (CWE-287), allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code. This issue affects all Juniper Networks 128 Technology Session Smart Router versions prior to 4.5.11, and all versions of 5.0 up to and including 5.0.1.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper 128 Technology Session Smart Router Firmware | <4.5.11 | |
| Juniper 128 Technology Session Smart Router Firmware | >=5.0.0<=5.0.1 | |
| Juniper 128 Technology Session Smart Router |
Remedy
128 Technology has released software updates that address the vulnerability described in this advisory. Fixed Releases: The following 128T software patches have been released to resolve this specific issue: 4.5.11, 5.1.0, and all subsequent releases. Customers who are running 5.0.0 or 5.0.1 should upgrade to 5.1.6 or later. Instructions for upgrading the 128T Networking Platform can be found at https://docs.128technology.com/docs/intro_upgrading .
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/references
- agent/title
- agent/severity
- agent/remedy
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/juniper
- canonical/juniper 128 technology session smart router firmware
- version/juniper 128 technology session smart router firmware/5.0.0
- version/juniper 128 technology session smart router firmware/5.0.1
- canonical/juniper 128 technology session smart router