CVE-2025-11198

Published: 09 Oct 2025
Source: nvd
CVSS3: 7.4
EPSS: Low

Description

A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones.

If a trusted user initiates deployment, Security Director Policy Enforcer will deliver the attacker's uploaded image to VMware NSX instead of a legitimate one.

This issue affects Security Director Policy Enforcer:  

  • All versions before 23.1R1 Hotpatch v3.

This issue does not affect Junos Space Security Director Insights.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:juniper:security_director_policy_enforcer:*:*:*:*:*:*:*:*
Versions before 23.1 (exclusive)
cpe:2.3:a:juniper:security_director_policy_enforcer:23.1:r1:*:*:*:*:*:*
cpe:2.3:a:juniper:security_director_policy_enforcer:23.1:r1_hotpatch_v1:*:*:*:*:*:*
cpe:2.3:a:juniper:security_director_policy_enforcer:23.1:r1_hotpatch_v2:*:*:*:*:*:*

EPSS

Percentile: 21%
0.00067
Low

7.4 High

CVSS3

Weaknesses

CWE-306

Related vulnerabilities

CVSS3: 7.4
github
4 months ago

A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones. If a trusted user initiates deployment, Security Director Policy Enforcer will deliver the attacker's uploaded image to VMware NSX instead of a legitimate one. This issue affects Security Director Policy Enforcer:   * All versions before 23.1R1 Hotpatch v3. This issue does not affect Junos Space Security Director Insights.
