CVE-2025-6549

Опубликовано: 11 июл. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

An Incorrect Authorization vulnerability in the web server of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to reach the

Juniper Web Device Manager

(J-Web).

When Juniper Secure connect (JSC) is enabled on specific interfaces, or multiple interfaces are configured for J-Web, the J-Web UI is reachable over more than the intended interfaces. This issue affects Junos OS:

all versions before 21.4R3-S9,
22.2 versions before 22.2R3-S5,
22.4 versions before 22.4R3-S5,
23.2 versions before 23.2R2-S3,
23.4 versions before 23.4R2-S5,
24.2 versions before 24.2R2.

Ссылки

https://supportportal.juniper.net/JSA100098

EPSS

Процентиль: 10%

0.00038

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-863

Связанные уязвимости

GHSA-j7m5-q9g3-5q68

CVSS3: 6.5

github

около 2 месяцев назад

An Incorrect Authorization vulnerability in the web server of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to reach the Juniper Web Device Manager (J-Web). When Juniper Secure connect (JSC) is enabled on specific interfaces, or multiple interfaces are configured for J-Web, the J-Web UI is reachable over more than the intended interfaces. This issue affects Junos OS: * all versions before 21.4R3-S9, * 22.2 versions before 22.2R3-S5, * 22.4 versions before 22.4R3-S5, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S5, * 24.2 versions before 24.2R2.

EPSS

Процентиль: 10%

0.00038

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-863