Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-0296 (GCVE-0-2021-0296)
Vulnerability from cvelistv5 – Published: 2021-10-19 18:16 – Updated: 2024-09-17 02:47
VLAI?
EPSS
Summary
The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header which allows servers to indicate that content from the requested domain will only be served over HTTPS. The lack of HSTS may leave the system vulnerable to downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections. This issue affects Juniper Networks CTPView: 7.3 versions prior to 7.3R7; 9.1 versions prior to 9.1R3.
Severity ?
7.4 (High)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | CTPView |
Affected:
7.3 , < 7.3R7
(custom)
Affected: 9.1 , < 9.1R3 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:32:10.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11210"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CTPView",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "7.3R7",
"status": "affected",
"version": "7.3",
"versionType": "custom"
},
{
"lessThan": "9.1R3",
"status": "affected",
"version": "9.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header which allows servers to indicate that content from the requested domain will only be served over HTTPS. The lack of HSTS may leave the system vulnerable to downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections. This issue affects Juniper Networks CTPView: 7.3 versions prior to 7.3R7; 9.1 versions prior to 9.1R3."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-19T18:16:22",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11210"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: CTPView 7.3R7-1, 9.1R3, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11210",
"defect": [
"1544758"
],
"discovery": "INTERNAL"
},
"title": "CTPView: HSTS not being enforced on CTPView server.",
"workarounds": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the system via HTTP only from trusted, administrative networks or hosts."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
"ID": "CVE-2021-0296",
"STATE": "PUBLIC",
"TITLE": "CTPView: HSTS not being enforced on CTPView server."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CTPView",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7.3",
"version_value": "7.3R7"
},
{
"version_affected": "\u003c",
"version_name": "9.1",
"version_value": "9.1R3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header which allows servers to indicate that content from the requested domain will only be served over HTTPS. The lack of HSTS may leave the system vulnerable to downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections. This issue affects Juniper Networks CTPView: 7.3 versions prior to 7.3R7; 9.1 versions prior to 9.1R3."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319 Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11210",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11210"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: CTPView 7.3R7-1, 9.1R3, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11210",
"defect": [
"1544758"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Use access lists or firewall filters to limit access to the system via HTTP only from trusted, administrative networks or hosts."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-0296",
"datePublished": "2021-10-19T18:16:22.103370Z",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-09-17T02:47:22.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:ctpview:7.3:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3B2B00B-0003-4CB2-915A-476ADE94E965\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:ctpview:7.3:r2:*:*:*:*:*:*\", \"matchCriteriaId\": \"D44422DD-33A8-4134-9E20-F792F5E42BB4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:ctpview:7.3:r3:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D9F9989-F026-4A9F-864F-FBE223075909\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:ctpview:7.3:r4:*:*:*:*:*:*\", \"matchCriteriaId\": \"BCD3F4E5-86FC-42D9-B00D-2CCD6C0B05A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:ctpview:7.3:r5:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFAA3BFF-4E4B-42B1-AE85-0C8ED2124124\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:ctpview:7.3:r6:*:*:*:*:*:*\", \"matchCriteriaId\": \"13444098-AA31-42DE-BAD2-ACF27AC2398D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:ctpview:9.1:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"0EE8973E-116D-4F67-A24A-AB89D665ED46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:juniper:ctpview:9.1:r2:*:*:*:*:*:*\", \"matchCriteriaId\": \"38CBBA45-F4B2-4459-A7E3-EECDF68498B6\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header which allows servers to indicate that content from the requested domain will only be served over HTTPS. The lack of HSTS may leave the system vulnerable to downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections. This issue affects Juniper Networks CTPView: 7.3 versions prior to 7.3R7; 9.1 versions prior to 9.1R3.\"}, {\"lang\": \"es\", \"value\": \"El servidor CTPView de Juniper Networks no est\\u00e1 aplicando HTTP Strict Transport Security (HSTS). HSTS es un encabezado de respuesta opcional que permite a los servidores indicar que el contenido del dominio solicitado s\\u00f3lo se servir\\u00e1 a trav\\u00e9s de HTTPS. La falta de HSTS puede hacer que el sistema sea vulnerable a ataques de degradaci\\u00f3n, a ataques de tipo man-in-the-middle de supresi\\u00f3n de SSL y debilita las protecciones contra el secuestro de cookies. Este problema afecta a CTPView de Juniper Networks: Versiones 7.3 anteriores a 7.3R7; versiones 9.1 anteriores a 9.1R3\"}]",
"id": "CVE-2021-0296",
"lastModified": "2024-11-21T05:42:25.817",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"sirt@juniper.net\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 7.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:N\", \"baseScore\": 5.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2021-10-19T19:15:08.227",
"references": "[{\"url\": \"https://kb.juniper.net/JSA11210\", \"source\": \"sirt@juniper.net\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://kb.juniper.net/JSA11210\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"sirt@juniper.net\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-319\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-319\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-0296\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2021-10-19T19:15:08.227\",\"lastModified\":\"2024-11-21T05:42:25.817\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header which allows servers to indicate that content from the requested domain will only be served over HTTPS. The lack of HSTS may leave the system vulnerable to downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections. This issue affects Juniper Networks CTPView: 7.3 versions prior to 7.3R7; 9.1 versions prior to 9.1R3.\"},{\"lang\":\"es\",\"value\":\"El servidor CTPView de Juniper Networks no est\u00e1 aplicando HTTP Strict Transport Security (HSTS). HSTS es un encabezado de respuesta opcional que permite a los servidores indicar que el contenido del dominio solicitado s\u00f3lo se servir\u00e1 a trav\u00e9s de HTTPS. La falta de HSTS puede hacer que el sistema sea vulnerable a ataques de degradaci\u00f3n, a ataques de tipo man-in-the-middle de supresi\u00f3n de SSL y debilita las protecciones contra el secuestro de cookies. Este problema afecta a CTPView de Juniper Networks: Versiones 7.3 anteriores a 7.3R7; versiones 9.1 anteriores a 9.1R3\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-319\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-319\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:ctpview:7.3:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3B2B00B-0003-4CB2-915A-476ADE94E965\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:ctpview:7.3:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D44422DD-33A8-4134-9E20-F792F5E42BB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:ctpview:7.3:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D9F9989-F026-4A9F-864F-FBE223075909\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:ctpview:7.3:r4:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCD3F4E5-86FC-42D9-B00D-2CCD6C0B05A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:ctpview:7.3:r5:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFAA3BFF-4E4B-42B1-AE85-0C8ED2124124\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:ctpview:7.3:r6:*:*:*:*:*:*\",\"matchCriteriaId\":\"13444098-AA31-42DE-BAD2-ACF27AC2398D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:ctpview:9.1:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EE8973E-116D-4F67-A24A-AB89D665ED46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:ctpview:9.1:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"38CBBA45-F4B2-4459-A7E3-EECDF68498B6\"}]}]}],\"references\":[{\"url\":\"https://kb.juniper.net/JSA11210\",\"source\":\"sirt@juniper.net\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://kb.juniper.net/JSA11210\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
GSD-2021-0296
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header which allows servers to indicate that content from the requested domain will only be served over HTTPS. The lack of HSTS may leave the system vulnerable to downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections. This issue affects Juniper Networks CTPView: 7.3 versions prior to 7.3R7; 9.1 versions prior to 9.1R3.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-0296",
"description": "The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header which allows servers to indicate that content from the requested domain will only be served over HTTPS. The lack of HSTS may leave the system vulnerable to downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections. This issue affects Juniper Networks CTPView: 7.3 versions prior to 7.3R7; 9.1 versions prior to 9.1R3.",
"id": "GSD-2021-0296"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-0296"
],
"details": "The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header which allows servers to indicate that content from the requested domain will only be served over HTTPS. The lack of HSTS may leave the system vulnerable to downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections. This issue affects Juniper Networks CTPView: 7.3 versions prior to 7.3R7; 9.1 versions prior to 9.1R3.",
"id": "GSD-2021-0296",
"modified": "2023-12-13T01:23:07.061888Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
"ID": "CVE-2021-0296",
"STATE": "PUBLIC",
"TITLE": "CTPView: HSTS not being enforced on CTPView server."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CTPView",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7.3",
"version_value": "7.3R7"
},
{
"version_affected": "\u003c",
"version_name": "9.1",
"version_value": "9.1R3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header which allows servers to indicate that content from the requested domain will only be served over HTTPS. The lack of HSTS may leave the system vulnerable to downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections. This issue affects Juniper Networks CTPView: 7.3 versions prior to 7.3R7; 9.1 versions prior to 9.1R3."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319 Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11210",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11210"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: CTPView 7.3R7-1, 9.1R3, and all subsequent releases.\n"
}
],
"source": {
"advisory": "JSA11210",
"defect": [
"1544758"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Use access lists or firewall filters to limit access to the system via HTTP only from trusted, administrative networks or hosts."
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:juniper:ctpview:7.3:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:juniper:ctpview:7.3:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:juniper:ctpview:7.3:r3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:juniper:ctpview:7.3:r4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:juniper:ctpview:7.3:r5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:juniper:ctpview:7.3:r6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:juniper:ctpview:9.1:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:juniper:ctpview:9.1:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"ID": "CVE-2021-0296"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header which allows servers to indicate that content from the requested domain will only be served over HTTPS. The lack of HSTS may leave the system vulnerable to downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections. This issue affects Juniper Networks CTPView: 7.3 versions prior to 7.3R7; 9.1 versions prior to 9.1R3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11210",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11210"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2
}
},
"lastModifiedDate": "2021-10-25T12:29Z",
"publishedDate": "2021-10-19T19:15Z"
}
}
}
CERTFR-2021-AVI-789
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Juniper Networks CTPView versions 9.1 antérieures à 9.1R3 | ||
| Juniper Networks | N/A | Juniper Networks SRC Series versions antérieures à 4.13.0-R6 | ||
| Juniper Networks | N/A | Juniper Networks CTPView versions 7.3 antérieures à 7.3R7 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 19.4 antérieures à 19.4R1-S4, 19.4R3-S5 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 19.4 antérieures à 19.4R2-S3, 19.4R3-S1 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 17.4 antérieures à 17.4R2-S13, 17.4R3-S4 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 19.2R3-S2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 19.4R3-S3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 18.4 antérieures à 18.4R3-S9 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 19.1 antérieures à 19.1R1-S6, 19.1R2-S2, 19.1R3-S4 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 19.1 antérieures à 19.1R3-S7 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 12.3X48 antérieures à 12.3X48-D105 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 17.4 antérieures à 17.4R3-S5 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 20.3 antérieures à 20.3R2-S1, 20.3R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 21.1R2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 19.2 antérieures à 19.2R1-S7, 19.2R3-S3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 15.1 antérieures à 15.1R7-S10 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions antérieures à 18.4R3-S9 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 20.1 antérieures à 20.1R2-S2, 20.1R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 19.1 antérieures à 19.1R3-S6 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 19.3R3-S3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 18.4R3-S8 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 18.3 antérieures à 18.3R3-S4 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 20.3 antérieures à 20.3R1-S1, 20.3R2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 19.2R1-S7 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 21.1R1-S1 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 17.4R3-S5 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 18.1 antérieures à 18.1R3-S12 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 18.1R3-S13 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 18.3R3-S5 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 18.2 antérieures à 18.2R2-S8, 18.2R3-S7 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 19.4 antérieures à 19.4R3-S6 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 20.3R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 20.4 antérieures à 20.4R2-S1, 20.4R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 20.2 antérieures à 20.2R3-S2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 17.3R3-S12 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 19.3 antérieures à 19.3R3-S1 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 19.1R3-S6 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 20.3 antérieures à 20.3R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 21.2R1 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 18.4 antérieures à 18.4R1-S8, 18.4R2-S7, 18.4R3-S7 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 19.2 antérieures à 19.2R1-S6, 19.2R3-S2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 20.2 antérieures à 20.2R3-S1 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 15.1X49 antérieures à 15.1X49-D220 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 21.1 antérieures à 21.1R2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 20.4 antérieures à 20.4R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 19.3 antérieures à 19.3R3-S4 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 19.3R2-S6 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 20.1R2-S2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 20.1 antérieures à 20.1R2, 20.1R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 20.2 antérieures à 20.2R2, 20.2R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions antérieures à 17.3R3-S11 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 20.4R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 19.3 antérieures à 19.3R2-S6, 19.3R3-S3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 20.2R3-S1 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 20.1R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions antérieures à 18.2R3-S8 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 19.2 antérieures à 19.2R3-S3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 21.1 antérieures à 21.1R1-S1, 21.1R2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 20.1 antérieures à 20.1R3-S1 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 18.3 antérieures à 18.3R3-S5 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 20.4R2-S1 | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions 21.2-EVO antérieures à 21.2R2-EVO | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions antérieures à 20.1R2-EVO sur PTX10003 et PTX10008 platforms | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved toutes versions 21.1-EVO et 21.2-EVO | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions antérieures à 21.2R2-EVO | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions 21.1 antérieures à 21.1R2-EVO | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions 20.4 antérieures à 20.4R2-EVO | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions 20.3 antérieures à 20.3R1-S2-EVO | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions 21.1-EVO antérieures à 21.1R2-EVO | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions antérieures à 20.4R3-S1-EVO |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper Networks CTPView versions 9.1 ant\u00e9rieures \u00e0 9.1R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks SRC Series versions ant\u00e9rieures \u00e0 4.13.0-R6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks CTPView versions 7.3 ant\u00e9rieures \u00e0 7.3R7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 19.4 ant\u00e9rieures \u00e0 19.4R1-S4, 19.4R3-S5",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 19.4 ant\u00e9rieures \u00e0 19.4R2-S3, 19.4R3-S1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 17.4 ant\u00e9rieures \u00e0 17.4R2-S13, 17.4R3-S4",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 19.2R3-S2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 19.4R3-S3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 18.4 ant\u00e9rieures \u00e0 18.4R3-S9",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 19.1 ant\u00e9rieures \u00e0 19.1R1-S6, 19.1R2-S2, 19.1R3-S4",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 19.1 ant\u00e9rieures \u00e0 19.1R3-S7",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 12.3X48 ant\u00e9rieures \u00e0 12.3X48-D105",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 17.4 ant\u00e9rieures \u00e0 17.4R3-S5",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 20.3 ant\u00e9rieures \u00e0 20.3R2-S1, 20.3R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 21.1R2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 19.2 ant\u00e9rieures \u00e0 19.2R1-S7, 19.2R3-S3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 15.1 ant\u00e9rieures \u00e0 15.1R7-S10",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions ant\u00e9rieures \u00e0 18.4R3-S9",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 20.1 ant\u00e9rieures \u00e0 20.1R2-S2, 20.1R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 19.1 ant\u00e9rieures \u00e0 19.1R3-S6",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 19.3R3-S3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 18.4R3-S8",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 18.3 ant\u00e9rieures \u00e0 18.3R3-S4",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 20.3 ant\u00e9rieures \u00e0 20.3R1-S1, 20.3R2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 19.2R1-S7",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 21.1R1-S1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 17.4R3-S5",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 18.1 ant\u00e9rieures \u00e0 18.1R3-S12",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 18.1R3-S13",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 18.3R3-S5",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 18.2 ant\u00e9rieures \u00e0 18.2R2-S8, 18.2R3-S7",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 19.4 ant\u00e9rieures \u00e0 19.4R3-S6",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 20.3R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 20.4 ant\u00e9rieures \u00e0 20.4R2-S1, 20.4R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 20.2 ant\u00e9rieures \u00e0 20.2R3-S2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 17.3R3-S12",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 19.3 ant\u00e9rieures \u00e0 19.3R3-S1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 19.1R3-S6",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 20.3 ant\u00e9rieures \u00e0 20.3R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 21.2R1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 18.4 ant\u00e9rieures \u00e0 18.4R1-S8, 18.4R2-S7, 18.4R3-S7",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 19.2 ant\u00e9rieures \u00e0 19.2R1-S6, 19.2R3-S2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 20.2 ant\u00e9rieures \u00e0 20.2R3-S1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 15.1X49 ant\u00e9rieures \u00e0 15.1X49-D220",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 21.1 ant\u00e9rieures \u00e0 21.1R2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 20.4 ant\u00e9rieures \u00e0 20.4R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 19.3 ant\u00e9rieures \u00e0 19.3R3-S4",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 19.3R2-S6",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 20.1R2-S2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 20.1 ant\u00e9rieures \u00e0 20.1R2, 20.1R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 20.2 ant\u00e9rieures \u00e0 20.2R2, 20.2R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions ant\u00e9rieures \u00e0 17.3R3-S11",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 20.4R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 19.3 ant\u00e9rieures \u00e0 19.3R2-S6, 19.3R3-S3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 20.2R3-S1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 20.1R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions ant\u00e9rieures \u00e0 18.2R3-S8",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 19.2 ant\u00e9rieures \u00e0 19.2R3-S3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 21.1 ant\u00e9rieures \u00e0 21.1R1-S1, 21.1R2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 20.1 ant\u00e9rieures \u00e0 20.1R3-S1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 18.3 ant\u00e9rieures \u00e0 18.3R3-S5",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 20.4R2-S1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions 21.2-EVO ant\u00e9rieures \u00e0 21.2R2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions ant\u00e9rieures \u00e0 20.1R2-EVO sur PTX10003 et PTX10008 platforms",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved toutes versions 21.1-EVO et 21.2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions ant\u00e9rieures \u00e0 21.2R2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions 21.1 ant\u00e9rieures \u00e0 21.1R2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions 20.4 ant\u00e9rieures \u00e0 20.4R2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions 20.3 ant\u00e9rieures \u00e0 20.3R1-S2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions 21.1-EVO ant\u00e9rieures \u00e0 21.1R2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S1-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-0296",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0296"
},
{
"name": "CVE-2021-31356",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31356"
},
{
"name": "CVE-2021-31363",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31363"
},
{
"name": "CVE-2021-0299",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0299"
},
{
"name": "CVE-2021-31360",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31360"
},
{
"name": "CVE-2021-31355",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31355"
},
{
"name": "CVE-2021-31353",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31353"
},
{
"name": "CVE-2021-31354",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31354"
},
{
"name": "CVE-2021-0298",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0298"
},
{
"name": "CVE-2021-31361",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31361"
},
{
"name": "CVE-2021-31362",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31362"
},
{
"name": "CVE-2021-31359",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31359"
},
{
"name": "CVE-2021-31350",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31350"
},
{
"name": "CVE-2021-31351",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31351"
},
{
"name": "CVE-2021-31357",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31357"
},
{
"name": "CVE-2021-31358",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31358"
},
{
"name": "CVE-2021-0297",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0297"
},
{
"name": "CVE-2021-31352",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31352"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-789",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-10-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11224 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11224\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11221 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11221\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11218 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11218\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11213 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11213\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11210 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11210\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11212 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11212\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11223 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11223\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11225 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11225\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11219 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11219\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11222 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11222\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11215 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11215\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11220 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11220\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11211 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11211\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11217 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11217\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11216 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11216\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2021-AVI-789
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Juniper Networks CTPView versions 9.1 antérieures à 9.1R3 | ||
| Juniper Networks | N/A | Juniper Networks SRC Series versions antérieures à 4.13.0-R6 | ||
| Juniper Networks | N/A | Juniper Networks CTPView versions 7.3 antérieures à 7.3R7 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 19.4 antérieures à 19.4R1-S4, 19.4R3-S5 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 19.4 antérieures à 19.4R2-S3, 19.4R3-S1 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 17.4 antérieures à 17.4R2-S13, 17.4R3-S4 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 19.2R3-S2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 19.4R3-S3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 18.4 antérieures à 18.4R3-S9 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 19.1 antérieures à 19.1R1-S6, 19.1R2-S2, 19.1R3-S4 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 19.1 antérieures à 19.1R3-S7 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 12.3X48 antérieures à 12.3X48-D105 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 17.4 antérieures à 17.4R3-S5 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 20.3 antérieures à 20.3R2-S1, 20.3R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 21.1R2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 19.2 antérieures à 19.2R1-S7, 19.2R3-S3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 15.1 antérieures à 15.1R7-S10 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions antérieures à 18.4R3-S9 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 20.1 antérieures à 20.1R2-S2, 20.1R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 19.1 antérieures à 19.1R3-S6 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 19.3R3-S3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 18.4R3-S8 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 18.3 antérieures à 18.3R3-S4 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 20.3 antérieures à 20.3R1-S1, 20.3R2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 19.2R1-S7 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 21.1R1-S1 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 17.4R3-S5 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 18.1 antérieures à 18.1R3-S12 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 18.1R3-S13 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 18.3R3-S5 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 18.2 antérieures à 18.2R2-S8, 18.2R3-S7 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 19.4 antérieures à 19.4R3-S6 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 20.3R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 20.4 antérieures à 20.4R2-S1, 20.4R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 20.2 antérieures à 20.2R3-S2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 17.3R3-S12 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 19.3 antérieures à 19.3R3-S1 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 19.1R3-S6 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 20.3 antérieures à 20.3R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 21.2R1 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 18.4 antérieures à 18.4R1-S8, 18.4R2-S7, 18.4R3-S7 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 19.2 antérieures à 19.2R1-S6, 19.2R3-S2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 20.2 antérieures à 20.2R3-S1 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 15.1X49 antérieures à 15.1X49-D220 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 21.1 antérieures à 21.1R2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 20.4 antérieures à 20.4R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 19.3 antérieures à 19.3R3-S4 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 19.3R2-S6 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 20.1R2-S2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 20.1 antérieures à 20.1R2, 20.1R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions 20.2 antérieures à 20.2R2, 20.2R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on QFX Series versions antérieures à 17.3R3-S11 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 20.4R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 19.3 antérieures à 19.3R2-S6, 19.3R3-S3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 20.2R3-S1 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 20.1R3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions antérieures à 18.2R3-S8 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 19.2 antérieures à 19.2R3-S3 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on PTX Series versions 21.1 antérieures à 21.1R1-S1, 21.1R2 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 20.1 antérieures à 20.1R3-S1 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS versions 18.3 antérieures à 18.3R3-S5 | ||
| Juniper Networks | Networks Junos OS | Juniper Networks Junos OS on MX Series versions antérieures à 20.4R2-S1 | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions 21.2-EVO antérieures à 21.2R2-EVO | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions antérieures à 20.1R2-EVO sur PTX10003 et PTX10008 platforms | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved toutes versions 21.1-EVO et 21.2-EVO | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions antérieures à 21.2R2-EVO | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions 21.1 antérieures à 21.1R2-EVO | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions 20.4 antérieures à 20.4R2-EVO | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions 20.3 antérieures à 20.3R1-S2-EVO | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions 21.1-EVO antérieures à 21.1R2-EVO | ||
| Juniper Networks | Networks Junos OS Evolved | Juniper Networks Junos OS Evolved versions antérieures à 20.4R3-S1-EVO |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper Networks CTPView versions 9.1 ant\u00e9rieures \u00e0 9.1R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks SRC Series versions ant\u00e9rieures \u00e0 4.13.0-R6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks CTPView versions 7.3 ant\u00e9rieures \u00e0 7.3R7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 19.4 ant\u00e9rieures \u00e0 19.4R1-S4, 19.4R3-S5",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 19.4 ant\u00e9rieures \u00e0 19.4R2-S3, 19.4R3-S1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 17.4 ant\u00e9rieures \u00e0 17.4R2-S13, 17.4R3-S4",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 19.2R3-S2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 19.4R3-S3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 18.4 ant\u00e9rieures \u00e0 18.4R3-S9",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 19.1 ant\u00e9rieures \u00e0 19.1R1-S6, 19.1R2-S2, 19.1R3-S4",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 19.1 ant\u00e9rieures \u00e0 19.1R3-S7",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 12.3X48 ant\u00e9rieures \u00e0 12.3X48-D105",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 17.4 ant\u00e9rieures \u00e0 17.4R3-S5",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 20.3 ant\u00e9rieures \u00e0 20.3R2-S1, 20.3R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 21.1R2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 19.2 ant\u00e9rieures \u00e0 19.2R1-S7, 19.2R3-S3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 15.1 ant\u00e9rieures \u00e0 15.1R7-S10",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions ant\u00e9rieures \u00e0 18.4R3-S9",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 20.1 ant\u00e9rieures \u00e0 20.1R2-S2, 20.1R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 19.1 ant\u00e9rieures \u00e0 19.1R3-S6",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 19.3R3-S3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 18.4R3-S8",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 18.3 ant\u00e9rieures \u00e0 18.3R3-S4",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 20.3 ant\u00e9rieures \u00e0 20.3R1-S1, 20.3R2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 19.2R1-S7",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 21.1R1-S1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 17.4R3-S5",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 18.1 ant\u00e9rieures \u00e0 18.1R3-S12",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 18.1R3-S13",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 18.3R3-S5",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 18.2 ant\u00e9rieures \u00e0 18.2R2-S8, 18.2R3-S7",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 19.4 ant\u00e9rieures \u00e0 19.4R3-S6",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 20.3R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 20.4 ant\u00e9rieures \u00e0 20.4R2-S1, 20.4R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 20.2 ant\u00e9rieures \u00e0 20.2R3-S2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 17.3R3-S12",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 19.3 ant\u00e9rieures \u00e0 19.3R3-S1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 19.1R3-S6",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 20.3 ant\u00e9rieures \u00e0 20.3R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 21.2R1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 18.4 ant\u00e9rieures \u00e0 18.4R1-S8, 18.4R2-S7, 18.4R3-S7",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 19.2 ant\u00e9rieures \u00e0 19.2R1-S6, 19.2R3-S2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 20.2 ant\u00e9rieures \u00e0 20.2R3-S1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 15.1X49 ant\u00e9rieures \u00e0 15.1X49-D220",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 21.1 ant\u00e9rieures \u00e0 21.1R2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 20.4 ant\u00e9rieures \u00e0 20.4R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 19.3 ant\u00e9rieures \u00e0 19.3R3-S4",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 19.3R2-S6",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 20.1R2-S2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 20.1 ant\u00e9rieures \u00e0 20.1R2, 20.1R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions 20.2 ant\u00e9rieures \u00e0 20.2R2, 20.2R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on QFX Series versions ant\u00e9rieures \u00e0 17.3R3-S11",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 20.4R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 19.3 ant\u00e9rieures \u00e0 19.3R2-S6, 19.3R3-S3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 20.2R3-S1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 20.1R3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions ant\u00e9rieures \u00e0 18.2R3-S8",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 19.2 ant\u00e9rieures \u00e0 19.2R3-S3",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on PTX Series versions 21.1 ant\u00e9rieures \u00e0 21.1R1-S1, 21.1R2",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 20.1 ant\u00e9rieures \u00e0 20.1R3-S1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS versions 18.3 ant\u00e9rieures \u00e0 18.3R3-S5",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS on MX Series versions ant\u00e9rieures \u00e0 20.4R2-S1",
"product": {
"name": "Networks Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions 21.2-EVO ant\u00e9rieures \u00e0 21.2R2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions ant\u00e9rieures \u00e0 20.1R2-EVO sur PTX10003 et PTX10008 platforms",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved toutes versions 21.1-EVO et 21.2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions ant\u00e9rieures \u00e0 21.2R2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions 21.1 ant\u00e9rieures \u00e0 21.1R2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions 20.4 ant\u00e9rieures \u00e0 20.4R2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions 20.3 ant\u00e9rieures \u00e0 20.3R1-S2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions 21.1-EVO ant\u00e9rieures \u00e0 21.1R2-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S1-EVO",
"product": {
"name": "Networks Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-0296",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0296"
},
{
"name": "CVE-2021-31356",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31356"
},
{
"name": "CVE-2021-31363",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31363"
},
{
"name": "CVE-2021-0299",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0299"
},
{
"name": "CVE-2021-31360",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31360"
},
{
"name": "CVE-2021-31355",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31355"
},
{
"name": "CVE-2021-31353",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31353"
},
{
"name": "CVE-2021-31354",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31354"
},
{
"name": "CVE-2021-0298",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0298"
},
{
"name": "CVE-2021-31361",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31361"
},
{
"name": "CVE-2021-31362",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31362"
},
{
"name": "CVE-2021-31359",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31359"
},
{
"name": "CVE-2021-31350",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31350"
},
{
"name": "CVE-2021-31351",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31351"
},
{
"name": "CVE-2021-31357",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31357"
},
{
"name": "CVE-2021-31358",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31358"
},
{
"name": "CVE-2021-0297",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0297"
},
{
"name": "CVE-2021-31352",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31352"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-789",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-10-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11224 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11224\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11221 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11221\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11218 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11218\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11213 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11213\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11210 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11210\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11212 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11212\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11223 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11223\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11225 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11225\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11219 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11219\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11222 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11222\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11215 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11215\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11220 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11220\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11211 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11211\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11217 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11217\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11216 du 14 octobre 2021",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11216\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
VAR-202110-0387
Vulnerability from variot - Updated: 2023-12-18 13:51The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header which allows servers to indicate that content from the requested domain will only be served over HTTPS. The lack of HSTS may leave the system vulnerable to downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections. This issue affects Juniper Networks CTPView: 7.3 versions prior to 7.3R7; 9.1 versions prior to 9.1R3
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202110-0387",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ctpview",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "7.3"
},
{
"model": "ctpview",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "9.1"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-0296"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:juniper:ctpview:7.3:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:juniper:ctpview:7.3:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:juniper:ctpview:7.3:r3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:juniper:ctpview:7.3:r4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:juniper:ctpview:7.3:r5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:juniper:ctpview:7.3:r6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:juniper:ctpview:9.1:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:juniper:ctpview:9.1:r2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-0296"
}
]
},
"cve": "CVE-2021-0296",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-372198",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-0296",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "sirt@juniper.net",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-0296",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "sirt@juniper.net",
"id": "CVE-2021-0296",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202110-1005",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-372198",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-0296",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-372198"
},
{
"db": "VULMON",
"id": "CVE-2021-0296"
},
{
"db": "NVD",
"id": "CVE-2021-0296"
},
{
"db": "NVD",
"id": "CVE-2021-0296"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1005"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header which allows servers to indicate that content from the requested domain will only be served over HTTPS. The lack of HSTS may leave the system vulnerable to downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections. This issue affects Juniper Networks CTPView: 7.3 versions prior to 7.3R7; 9.1 versions prior to 9.1R3",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-0296"
},
{
"db": "VULHUB",
"id": "VHN-372198"
},
{
"db": "VULMON",
"id": "CVE-2021-0296"
}
],
"trust": 1.08
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-0296",
"trust": 1.8
},
{
"db": "JUNIPER",
"id": "JSA11210",
"trust": 1.8
},
{
"db": "CS-HELP",
"id": "SB2021101402",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3419",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1005",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-372198",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-0296",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-372198"
},
{
"db": "VULMON",
"id": "CVE-2021-0296"
},
{
"db": "NVD",
"id": "CVE-2021-0296"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1005"
}
]
},
"id": "VAR-202110-0387",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-372198"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:51:24.037000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Juniper Networks CtpView Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=166613"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1005"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-372198"
},
{
"db": "NVD",
"id": "CVE-2021-0296"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://kb.juniper.net/jsa11210"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3419"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101402"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-372198"
},
{
"db": "VULMON",
"id": "CVE-2021-0296"
},
{
"db": "NVD",
"id": "CVE-2021-0296"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1005"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-372198"
},
{
"db": "VULMON",
"id": "CVE-2021-0296"
},
{
"db": "NVD",
"id": "CVE-2021-0296"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1005"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-372198"
},
{
"date": "2021-10-19T00:00:00",
"db": "VULMON",
"id": "CVE-2021-0296"
},
{
"date": "2021-10-19T19:15:08.227000",
"db": "NVD",
"id": "CVE-2021-0296"
},
{
"date": "2021-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-1005"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-25T00:00:00",
"db": "VULHUB",
"id": "VHN-372198"
},
{
"date": "2021-10-25T00:00:00",
"db": "VULMON",
"id": "CVE-2021-0296"
},
{
"date": "2021-10-25T12:29:00.133000",
"db": "NVD",
"id": "CVE-2021-0296"
},
{
"date": "2021-10-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-1005"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1005"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Juniper Networks CtpView Input validation error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1005"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1005"
}
],
"trust": 0.6
}
}
FKIE_CVE-2021-0296
Vulnerability from fkie_nvd - Published: 2021-10-19 19:15 - Updated: 2024-11-21 05:42
Severity ?
Summary
The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header which allows servers to indicate that content from the requested domain will only be served over HTTPS. The lack of HSTS may leave the system vulnerable to downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections. This issue affects Juniper Networks CTPView: 7.3 versions prior to 7.3R7; 9.1 versions prior to 9.1R3.
References
| URL | Tags | ||
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA11210 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA11210 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:ctpview:7.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "F3B2B00B-0003-4CB2-915A-476ADE94E965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:ctpview:7.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "D44422DD-33A8-4134-9E20-F792F5E42BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:ctpview:7.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "3D9F9989-F026-4A9F-864F-FBE223075909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:ctpview:7.3:r4:*:*:*:*:*:*",
"matchCriteriaId": "BCD3F4E5-86FC-42D9-B00D-2CCD6C0B05A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:ctpview:7.3:r5:*:*:*:*:*:*",
"matchCriteriaId": "BFAA3BFF-4E4B-42B1-AE85-0C8ED2124124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:ctpview:7.3:r6:*:*:*:*:*:*",
"matchCriteriaId": "13444098-AA31-42DE-BAD2-ACF27AC2398D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:ctpview:9.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "0EE8973E-116D-4F67-A24A-AB89D665ED46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:ctpview:9.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "38CBBA45-F4B2-4459-A7E3-EECDF68498B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header which allows servers to indicate that content from the requested domain will only be served over HTTPS. The lack of HSTS may leave the system vulnerable to downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections. This issue affects Juniper Networks CTPView: 7.3 versions prior to 7.3R7; 9.1 versions prior to 9.1R3."
},
{
"lang": "es",
"value": "El servidor CTPView de Juniper Networks no est\u00e1 aplicando HTTP Strict Transport Security (HSTS). HSTS es un encabezado de respuesta opcional que permite a los servidores indicar que el contenido del dominio solicitado s\u00f3lo se servir\u00e1 a trav\u00e9s de HTTPS. La falta de HSTS puede hacer que el sistema sea vulnerable a ataques de degradaci\u00f3n, a ataques de tipo man-in-the-middle de supresi\u00f3n de SSL y debilita las protecciones contra el secuestro de cookies. Este problema afecta a CTPView de Juniper Networks: Versiones 7.3 anteriores a 7.3R7; versiones 9.1 anteriores a 9.1R3"
}
],
"id": "CVE-2021-0296",
"lastModified": "2024-11-21T05:42:25.817",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "sirt@juniper.net",
"type": "Secondary"
}
]
},
"published": "2021-10-19T19:15:08.227",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11210"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-546V-59PH-F93V
Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-05-24 19:17
VLAI?
Details
The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header which allows servers to indicate that content from the requested domain will only be served over HTTPS. The lack of HSTS may leave the system vulnerable to downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections. This issue affects Juniper Networks CTPView: 7.3 versions prior to 7.3R7; 9.1 versions prior to 9.1R3.
{
"affected": [],
"aliases": [
"CVE-2021-0296"
],
"database_specific": {
"cwe_ids": [
"CWE-319"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-19T19:15:00Z",
"severity": "HIGH"
},
"details": "The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header which allows servers to indicate that content from the requested domain will only be served over HTTPS. The lack of HSTS may leave the system vulnerable to downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections. This issue affects Juniper Networks CTPView: 7.3 versions prior to 7.3R7; 9.1 versions prior to 9.1R3.",
"id": "GHSA-546v-59ph-f93v",
"modified": "2022-05-24T19:17:56Z",
"published": "2022-05-24T19:17:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0296"
},
{
"type": "WEB",
"url": "https://kb.juniper.net/JSA11210"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…