Vulnerabilites related to Juniper Networks - Juniper Security Director
CVE-2025-52950 (GCVE-0-2025-52950)
Vulnerability from cvelistv5
Published
2025-07-11 14:40
Modified
2025-07-12 03:55
Severity ?
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
6.4 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:H/SA:H
6.4 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:H/SA:H
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
A Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive resources via the web interface.
Numerous endpoints on the Juniper Security Director appliance do not validate authorization and will deliver information to the caller that is outside their authorization level. An attacker can access data that is outside the user's authorization level. The information obtained can be used to gain access to additional information or perpetrate other attacks, impacting downstream managed devices.
This issue affects Security Director version 24.4.1.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Juniper Security Director |
Version: 24.4.1 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-12T03:55:12.120Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Juniper Security Director",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "24.4.1",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-07-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A\u0026nbsp;Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive resources via the web interface.\u003cbr\u003e\u003cbr\u003eNumerous endpoints on the Juniper Security Director appliance do not validate authorization and will deliver information to the caller that is outside their authorization level.\u0026nbsp;An attacker can access data that is outside the user\u0027s authorization level. The information obtained can be used to gain access to additional information or perpetrate other attacks, impacting downstream managed devices.\u003cbr\u003e\u003cbr\u003e\n\nThis issue affects Security Director version 24.4.1."
}
],
"value": "A\u00a0Missing Authorization vulnerability in Juniper Networks Security Director allows an unauthenticated network-based attacker to read or tamper with multiple sensitive resources via the web interface.\n\nNumerous endpoints on the Juniper Security Director appliance do not validate authorization and will deliver information to the caller that is outside their authorization level.\u00a0An attacker can access data that is outside the user\u0027s authorization level. The information obtained can be used to gain access to additional information or perpetrate other attacks, impacting downstream managed devices.\n\n\n\nThis issue affects Security Director version 24.4.1."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T14:40:49.980Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA100054"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: Juniper Security Director Software Bundle Update 24.4.1-1703, and all subsequent releases\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: Juniper Security Director Software Bundle Update 24.4.1-1703, and all subsequent releases"
}
],
"source": {
"advisory": "JSA100054",
"defect": [
"SB-14875",
"SB-15264",
"SB-15265",
"SB-15266",
"SB-15267",
"SB-15268",
"SB-15269"
],
"discovery": "INTERNAL"
},
"title": "Juniper Security Director: Insufficient authorization for multiple endpoints in web interface",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use access lists or firewall filters to limit access to the web interface only from trusted hosts.\u003cbr\u003e"
}
],
"value": "Use access lists or firewall filters to limit access to the web interface only from trusted hosts."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-52950",
"datePublished": "2025-07-11T14:40:49.980Z",
"dateReserved": "2025-06-23T13:16:01.409Z",
"dateUpdated": "2025-07-12T03:55:12.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}