How severe is CVE-2021-31384?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 10 out of 10.

What type of vulnerability is CVE-2021-31384?

This is classified as CWE-285, which is a common weakness in software security.

CVE-2021-31384 - CRITICAL Severity | CVSS 10

Vulnerability Description

Due to a Missing Authorization weakness and Insufficient Granularity of Access Control in a specific device configuration, a vulnerability exists in Juniper Networks Junos OS on SRX Series whereby an attacker who attempts to access J-Web administrative interfaces can successfully do so from any device interface regardless of the web-management configuration and filter rules which may otherwise protect access to J-Web. This issue affects: Juniper Networks Junos OS SRX Series 20.4 version 20.4R1 and later versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.

Related Vulnerabilities

CVE-2020-5206

CRITICAL

CVSS:10.0(Critical)

In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect give...

CWE-2852020

CVE-2021-37705

CRITICAL

CVSS:10.0(Critical)

OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Direc...

CWE-2852021

CVE-2020-3374

CRITICAL

CVSS:9.9(Critical)

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive informat...

CWE-2852020

CVE-2024-43602

CRITICAL

CVSS:9.9(Critical)

Azure CycleCloud Remote Code Execution Vulnerability

CWE-2852024

CVE-2025-29827

CRITICAL

CVSS:9.9(Critical)

Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.

CWE-2852025

CVE-2015-3954

CRITICAL

CVSS:9.8(Critical)

Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges o...

CWE-2852015