Search criteria
3 vulnerabilities found for security_director by juniper
CVE-2025-52950 (GCVE-0-2025-52950)
Vulnerability from nvd – Published: 2025-07-11 14:40 – Updated: 2025-07-12 03:55
VLAI?
Title
Juniper Security Director: Insufficient authorization for multiple endpoints in web interface
Summary
A Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive resources via the web interface.
Numerous endpoints on the Juniper Security Director appliance do not validate authorization and will deliver information to the caller that is outside their authorization level. An attacker can access data that is outside the user's authorization level. The information obtained can be used to gain access to additional information or perpetrate other attacks, impacting downstream managed devices.
This issue affects Security Director version 24.4.1.
Severity ?
9.6 (Critical)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Juniper Security Director |
Affected:
24.4.1
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-12T03:55:12.120Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Juniper Security Director",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "24.4.1",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-07-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A\u0026nbsp;Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive resources via the web interface.\u003cbr\u003e\u003cbr\u003eNumerous endpoints on the Juniper Security Director appliance do not validate authorization and will deliver information to the caller that is outside their authorization level.\u0026nbsp;An attacker can access data that is outside the user\u0027s authorization level. The information obtained can be used to gain access to additional information or perpetrate other attacks, impacting downstream managed devices.\u003cbr\u003e\u003cbr\u003e\n\nThis issue affects Security Director version 24.4.1."
}
],
"value": "A\u00a0Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive resources via the web interface.\n\nNumerous endpoints on the Juniper Security Director appliance do not validate authorization and will deliver information to the caller that is outside their authorization level.\u00a0An attacker can access data that is outside the user\u0027s authorization level. The information obtained can be used to gain access to additional information or perpetrate other attacks, impacting downstream managed devices.\n\n\n\nThis issue affects Security Director version 24.4.1."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T14:40:49.980Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA100054"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: Juniper Security Director Software Bundle Update 24.4.1-1703, and all subsequent releases\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: Juniper Security Director Software Bundle Update 24.4.1-1703, and all subsequent releases"
}
],
"source": {
"advisory": "JSA100054",
"defect": [
"SB-14875",
"SB-15264",
"SB-15265",
"SB-15266",
"SB-15267",
"SB-15268",
"SB-15269"
],
"discovery": "INTERNAL"
},
"title": "Juniper Security Director: Insufficient authorization for multiple endpoints in web interface",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use access lists or firewall filters to limit access to the web interface only from trusted hosts.\u003cbr\u003e"
}
],
"value": "Use access lists or firewall filters to limit access to the web interface only from trusted hosts."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-52950",
"datePublished": "2025-07-11T14:40:49.980Z",
"dateReserved": "2025-06-23T13:16:01.409Z",
"dateUpdated": "2025-07-12T03:55:12.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2025-52950
Vulnerability from fkie_nvd - Published: 2025-07-11 15:15 - Updated: 2026-01-26 18:37
Severity ?
Summary
A Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive resources via the web interface.
Numerous endpoints on the Juniper Security Director appliance do not validate authorization and will deliver information to the caller that is outside their authorization level. An attacker can access data that is outside the user's authorization level. The information obtained can be used to gain access to additional information or perpetrate other attacks, impacting downstream managed devices.
This issue affects Security Director version 24.4.1.
References
| URL | Tags | ||
|---|---|---|---|
| sirt@juniper.net | https://supportportal.juniper.net/JSA100054 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | security_director | 24.4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:security_director:24.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0F66CE-A5A8-4D4D-B44C-F2DD971A38DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A\u00a0Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive resources via the web interface.\n\nNumerous endpoints on the Juniper Security Director appliance do not validate authorization and will deliver information to the caller that is outside their authorization level.\u00a0An attacker can access data that is outside the user\u0027s authorization level. The information obtained can be used to gain access to additional information or perpetrate other attacks, impacting downstream managed devices.\n\n\n\nThis issue affects Security Director version 24.4.1."
},
{
"lang": "es",
"value": "Una vulnerabilidad de falta de autorizaci\u00f3n en Juniper Networks Security Director permite a un atacante no autenticado acceder o manipular m\u00faltiples recursos confidenciales a trav\u00e9s de la interfaz web. Numerosos endpoints del dispositivo Juniper Security Director no validan la autorizaci\u00f3n y entregan al usuario informaci\u00f3n que excede su nivel de autorizaci\u00f3n. Un atacante puede acceder a datos que exceden el nivel de autorizaci\u00f3n del usuario. La informaci\u00f3n obtenida puede utilizarse para obtener acceso a informaci\u00f3n adicional o perpetrar otros ataques, afectando a los dispositivos administrados en sentido descendente. Este problema afecta a la versi\u00f3n 24.4.1 de Security Director."
}
],
"id": "CVE-2025-52950",
"lastModified": "2026-01-26T18:37:56.167",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 5.8,
"source": "sirt@juniper.net",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "sirt@juniper.net",
"type": "Secondary"
}
]
},
"published": "2025-07-11T15:15:25.570",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
],
"url": "https://supportportal.juniper.net/JSA100054"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
}
]
}
CVE-2025-52950 (GCVE-0-2025-52950)
Vulnerability from cvelistv5 – Published: 2025-07-11 14:40 – Updated: 2025-07-12 03:55
VLAI?
Title
Juniper Security Director: Insufficient authorization for multiple endpoints in web interface
Summary
A Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive resources via the web interface.
Numerous endpoints on the Juniper Security Director appliance do not validate authorization and will deliver information to the caller that is outside their authorization level. An attacker can access data that is outside the user's authorization level. The information obtained can be used to gain access to additional information or perpetrate other attacks, impacting downstream managed devices.
This issue affects Security Director version 24.4.1.
Severity ?
9.6 (Critical)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Juniper Security Director |
Affected:
24.4.1
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-12T03:55:12.120Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Juniper Security Director",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "24.4.1",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-07-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A\u0026nbsp;Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive resources via the web interface.\u003cbr\u003e\u003cbr\u003eNumerous endpoints on the Juniper Security Director appliance do not validate authorization and will deliver information to the caller that is outside their authorization level.\u0026nbsp;An attacker can access data that is outside the user\u0027s authorization level. The information obtained can be used to gain access to additional information or perpetrate other attacks, impacting downstream managed devices.\u003cbr\u003e\u003cbr\u003e\n\nThis issue affects Security Director version 24.4.1."
}
],
"value": "A\u00a0Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive resources via the web interface.\n\nNumerous endpoints on the Juniper Security Director appliance do not validate authorization and will deliver information to the caller that is outside their authorization level.\u00a0An attacker can access data that is outside the user\u0027s authorization level. The information obtained can be used to gain access to additional information or perpetrate other attacks, impacting downstream managed devices.\n\n\n\nThis issue affects Security Director version 24.4.1."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T14:40:49.980Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA100054"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: Juniper Security Director Software Bundle Update 24.4.1-1703, and all subsequent releases\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: Juniper Security Director Software Bundle Update 24.4.1-1703, and all subsequent releases"
}
],
"source": {
"advisory": "JSA100054",
"defect": [
"SB-14875",
"SB-15264",
"SB-15265",
"SB-15266",
"SB-15267",
"SB-15268",
"SB-15269"
],
"discovery": "INTERNAL"
},
"title": "Juniper Security Director: Insufficient authorization for multiple endpoints in web interface",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use access lists or firewall filters to limit access to the web interface only from trusted hosts.\u003cbr\u003e"
}
],
"value": "Use access lists or firewall filters to limit access to the web interface only from trusted hosts."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-52950",
"datePublished": "2025-07-11T14:40:49.980Z",
"dateReserved": "2025-06-23T13:16:01.409Z",
"dateUpdated": "2025-07-12T03:55:12.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}