Rewterz Threat Advisory – CVE-2020-1631 – Juniper Junos OS vulnerability in J-Web and web based (HTTP/HTTPS) services

April 30, 2020

Severity

Medium

Analysis Summary

A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal.

Impact

Command injection

Affected Vendor

Juniper

Affected Products

Junos OS 12.3
12.3X48
14.1X53
15.1
15.1X49
17.2
17.3
17.4
18.1
18.2
18.3
18.4
19.1
19.2
19.3
19.4
20.1

Remediation

If HTTP/HTTPS services are disabled, there is no impact from this vulnerability. Refer to vendor’s advisory for the list of upgraded patches. https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11021&cat=SIRT_1&actp=LIST

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Multiple D-Link Products Vulnerabilities

Multiple GitLab Products Vulnerabilities

CVE-2025-25012 – Elastic Kibana Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – CVE-2020-3955 – VMware ESXi Cross-Site Scripting Vulnerability

Rewterz Threat Advisory – CVE-2019-15126 – Cisco Wi-Fi Protected Network and Wi-Fi Protected Network 2 Vulnerability