
Rewterz Threat Advisory – CVE-2020-1631 – Juniper Junos OS vulnerability in J-Web and web based (HTTP/HTTPS) services

Severity

Medium

Analysis Summary

A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal.

Impact

Command injection

Affected Vendor

Juniper

Affected Products

Junos OS 12.3
12.3X48
14.1X53
15.1
15.1X49
17.2
17.3
17.4
18.1
18.2
18.3
18.4
19.1
19.2
19.3
19.4
20.1

Remediation

If HTTP/HTTPS services are disabled, there is no impact from this vulnerability. Refer to the vendor's advisory for the list of upgraded patches: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11021&cat=SIRT_1&actp=LIST
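
For triage across a fleet, the two conditions above (an affected release train and an enabled HTTP/HTTPS service) can be checked from each device's version string and set-format configuration. The following is an added example, not part of the vendor's or Rewterz's material; it assumes J-Web is enabled through `system services web-management http|https` statements, and the sample configuration, function names and result labels are constructed for illustration.

```python
import re

# Release trains listed under "Affected Products" on this page. Membership
# means "compare with the vendor's fixed releases", not "certainly unpatched".
AFFECTED_TRAINS = {
    "12.3", "12.3X48", "14.1X53", "15.1", "15.1X49", "17.2", "17.3", "17.4",
    "18.1", "18.2", "18.3", "18.4", "19.1", "19.2", "19.3", "19.4", "20.1",
}
# Assumption: J-Web is enabled by these set-format statements. The other
# features named in the summary can also start the service; not checked here.
WEB_MGMT = "set system services web-management"

# Constructed sample of `show configuration | display set` output.
SAMPLE_CONFIG = """\
set system host-name edge-fw
set system services ssh
set system services web-management http interface fxp0.0
set system services web-management https system-generated-certificate
deactivate system services web-management http
"""

def release_train(version):
    """Map a Junos version to its train, e.g. 12.3X48-D95 -> 12.3X48."""
    m = re.match(r"(\d+\.\d+)(X\d+)?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    return m.group(1) + (m.group(2) or "")

def web_services(config_text):
    """Return the active web-management services ('http', 'https')."""
    lines = [l.strip() for l in config_text.splitlines()]
    inactive = [l[len("deactivate "):] for l in lines if l.startswith("deactivate ")]
    found = set()
    for l in lines:
        if not l.startswith(WEB_MGMT + " "):
            continue
        path = l[len("set "):]
        if any(path == d or path.startswith(d + " ") for d in inactive):
            continue  # statement sits under a deactivated hierarchy
        service = l[len(WEB_MGMT) + 1:].split()[0]
        if service in ("http", "https"):
            found.add(service)
    return found

def triage(version, config_text):
    """Classify one device for this advisory."""
    if release_train(version) not in AFFECTED_TRAINS:
        return "train-not-listed"
    services = web_services(config_text)
    return "exposed:" + ",".join(sorted(services)) if services else "check-other-features"
```

A result of `check-other-features` means no active web-management statement was found on an affected train, so the remaining features named in the Analysis Summary still need to be reviewed by hand.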