A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal. Using this vulnerability, an attacker may be able to inject commands into the httpd.log, read files with 'world' readable permission file or obtain J-Web session tokens. In the case of command injection, as the HTTP service runs as user 'nobody', the impact of this command injection is limited. (CVSS score 5.3, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) In the case of reading files with 'world' readable permission, in Junos OS 19.3R1 and above, the unauthenticated attacker would be able to read the configuration file. (CVSS score 5.9, vector CVSS:3.1/ AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) If J-Web is enabled, the attacker could gain the same level of access of anyone actively logged into J-Web. If an administrator is logged in, the attacker could gain administrator access to J-Web. (CVSS score 8.8, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) This issue only affects Juniper Networks Junos OS devices with HTTP/HTTPS services enabled. Junos OS devices with HTTP/HTTPS services disabled are not affected. If HTTP/HTTPS services are enabled, the following command will show the httpd processes: user@device> show system processes | match http 5260 - S 0:00.13 /usr/sbin/httpd-gk -N 5797 - I 0:00.10 /usr/sbin/httpd --config /jail/var/etc/httpd.conf To summarize: If HTTP/HTTPS services are disabled, there is no impact from this vulnerability. If HTTP/HTTPS services are enabled and J-Web is not in use, this vulnerability has a CVSS score of 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). If J-Web is enabled, this vulnerability has a CVSS score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Juniper SIRT has received a single report of this vulnerability being exploited in the wild. Out of an abundance of caution, we are notifying customers so they can take appropriate actions. Indicators of Compromise: The /var/log/httpd.log may have indicators that commands have injected or files being accessed. The device administrator can look for these indicators by searching for the string patterns "=*;*&" or "*%3b*&" in /var/log/httpd.log, using the following command: user@device> show log httpd.log | match "=*;*&|=*%3b*&" If this command returns any output, it might be an indication of malicious attempts or simply scanning activities. Rotated logs should also be reviewed, using the following command: user@device> show log httpd.log.0.gz | match "=*;*&|=*%3b*&" user@device> show log httpd.log.1.gz | match "=*;*&|=*%3b*&" Note that a skilled attacker would likely remove these entries from the local log file, thus effectively eliminating any reliable signature that the device had been attacked. This issue affects Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S16; 12.3X48 versions prior to 12.3X48-D101, 12.3X48-D105; 14.1X53 versions prior to 14.1X53-D54; 15.1 versions prior to 15.1R7-S7; 15.1X49 versions prior to 15.1X49-D211, 15.1X49-D220; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S4; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R3-S2 ; 18.4 version 18.4R2 and later versions; 19.1 versions prior to 19.1R1-S5, 19.1R3-S1; 19.1 version 19.1R2 and later versions; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2; 20.1 versions prior to 20.1R1-S1, 20.1R2.
CVE-2020-1631
Score elevated to 9.0 because this CVE is listed on the CISA Known Exploited Vulnerabilities catalog (added 2022-03-25), indicating real-world exploitation has been confirmed by US federal agencies. NVD baseline CVSS 8.8 retained for reference. Confidence: HIGH.
- Actively exploited in the wild (CISA-KEV)
No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.
- CVSS v3
- 8.8
- EG Score
- 9.8(high)
- EPSS
- 90.8%
- KEV
- ⚠ Exploited
Published
May 4, 2020
Last Modified
October 24, 2025
Advisory Details (2)
Auto-updated Jun 2, 2026Known Exploited Vulnerabilities Catalog | CISA
Known Exploited Vulnerabilities Catalog | CISA. Listed in CISA Known Exploited Vulnerabilities catalog.
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1631Weakness Classification(2)
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Data Freshness Timeline
(refreshed 91× in last 7d / 380× in last 30d)
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
Showing the most recent 100 of 600 total refreshes for this CVE.
- 2026-07-16 11:16 UTCEG score recompute
- 2026-07-16 11:16 UTCGHSA enrichment
- 2026-07-16 06:52 UTCEG score recompute
- 2026-07-16 06:52 UTCGHSA enrichment
- 2026-07-16 02:28 UTCEG score recompute
- 2026-07-16 02:28 UTCGHSA enrichment
- 2026-07-15 22:03 UTCEG score recompute
- 2026-07-15 22:03 UTCGHSA enrichment
- 2026-07-15 17:37 UTCEG score recompute
- 2026-07-15 17:37 UTCGHSA enrichment
- 2026-07-15 16:55 UTCEPSS rescore
- 2026-07-15 16:49 UTCCISA KEV update
- 2026-07-15 15:04 UTCCISA KEV update
- 2026-07-15 13:13 UTCEG score recompute
- 2026-07-15 13:13 UTCGHSA enrichment
- 2026-07-15 08:47 UTCEG score recompute
- 2026-07-15 08:46 UTCGHSA enrichment
- 2026-07-15 04:21 UTCEG score recompute
- 2026-07-15 04:21 UTCGHSA enrichment
- 2026-07-15 01:57 UTCEPSS rescore
- 2026-07-14 23:55 UTCEG score recompute
- 2026-07-14 23:55 UTCGHSA enrichment
- 2026-07-14 19:31 UTCEG score recompute
- 2026-07-14 19:31 UTCGHSA enrichment
- 2026-07-14 18:05 UTCCISA KEV update
Show 75 moreShow fewer
- 2026-07-14 15:07 UTCEG score recompute
- 2026-07-14 15:07 UTCGHSA enrichment
- 2026-07-14 10:41 UTCEG score recompute
- 2026-07-14 10:41 UTCGHSA enrichment
- 2026-07-14 06:17 UTCEG score recompute
- 2026-07-14 06:17 UTCGHSA enrichment
- 2026-07-14 01:52 UTCEG score recompute
- 2026-07-14 01:52 UTCGHSA enrichment
- 2026-07-13 22:27 UTCEPSS rescore
- 2026-07-13 22:27 UTCEPSS rescore
- 2026-07-13 21:28 UTCEG score recompute
- 2026-07-13 21:28 UTCGHSA enrichment
- 2026-07-13 17:07 UTCCISA KEV update
- 2026-07-13 17:03 UTCEG score recompute
- 2026-07-13 17:03 UTCGHSA enrichment
- 2026-07-13 12:38 UTCEG score recompute
- 2026-07-13 12:38 UTCGHSA enrichment
- 2026-07-13 08:13 UTCEG score recompute
- 2026-07-13 08:13 UTCGHSA enrichment
- 2026-07-13 06:10 UTCEPSS rescore
- 2026-07-13 06:10 UTCEPSS rescore
- 2026-07-13 03:48 UTCEG score recompute
- 2026-07-13 03:48 UTCGHSA enrichment
- 2026-07-12 23:24 UTCEG score recompute
- 2026-07-12 23:24 UTCGHSA enrichment
- 2026-07-12 18:59 UTCEG score recompute
- 2026-07-12 18:59 UTCGHSA enrichment
- 2026-07-12 14:34 UTCEG score recompute
- 2026-07-12 14:34 UTCGHSA enrichment
- 2026-07-12 10:10 UTCEG score recompute
- 2026-07-12 10:10 UTCGHSA enrichment
- 2026-07-12 05:46 UTCEG score recompute
- 2026-07-12 05:46 UTCGHSA enrichment
- 2026-07-12 05:44 UTCEPSS rescore
- 2026-07-12 01:22 UTCEG score recompute
- 2026-07-12 01:22 UTCGHSA enrichment
- 2026-07-11 20:58 UTCEG score recompute
- 2026-07-11 20:58 UTCGHSA enrichment
- 2026-07-11 16:34 UTCEG score recompute
- 2026-07-11 16:34 UTCGHSA enrichment
- 2026-07-11 12:10 UTCEG score recompute
- 2026-07-11 12:10 UTCGHSA enrichment
- 2026-07-11 08:25 UTCEPSS rescore
- 2026-07-11 08:25 UTCEPSS rescore
- 2026-07-11 07:46 UTCEG score recompute
- 2026-07-11 07:46 UTCGHSA enrichment
- 2026-07-11 03:22 UTCEG score recompute
- 2026-07-11 03:22 UTCGHSA enrichment
- 2026-07-10 22:57 UTCEG score recompute
- 2026-07-10 22:57 UTCGHSA enrichment
- 2026-07-10 18:33 UTCEG score recompute
- 2026-07-10 18:33 UTCGHSA enrichment
- 2026-07-10 17:52 UTCCISA KEV update
- 2026-07-10 14:09 UTCEG score recompute
- 2026-07-10 14:09 UTCGHSA enrichment
- 2026-07-10 09:44 UTCEG score recompute
- 2026-07-10 09:43 UTCGHSA enrichment
- 2026-07-10 05:17 UTCEG score recompute
- 2026-07-10 05:17 UTCGHSA enrichment
- 2026-07-10 00:52 UTCEG score recompute
- 2026-07-10 00:51 UTCGHSA enrichment
- 2026-07-09 20:27 UTCEG score recompute
- 2026-07-09 20:27 UTCGHSA enrichment
- 2026-07-09 19:07 UTCEPSS rescore
- 2026-07-09 16:03 UTCEG score recompute
- 2026-07-09 16:03 UTCGHSA enrichment
- 2026-07-09 11:39 UTCEG score recompute
- 2026-07-09 11:39 UTCGHSA enrichment
- 2026-07-09 07:15 UTCEG score recompute
- 2026-07-09 07:15 UTCGHSA enrichment
- 2026-07-09 02:51 UTCEG score recompute
- 2026-07-09 02:50 UTCGHSA enrichment
- 2026-07-08 22:26 UTCEG score recompute
- 2026-07-08 22:26 UTCGHSA enrichment
- 2026-07-08 18:02 UTCEG score recompute
Related CVEs(same CWE)
Frequently asked(6)
What is CVE-2020-1631?
When was CVE-2020-1631 disclosed?
Is CVE-2020-1631 actively exploited?
What is the CVSS score of CVE-2020-1631?
Which products are affected by CVE-2020-1631?
How do I remediate CVE-2020-1631?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2020-1631
Is Your Infrastructure Affected by CVE-2020-1631?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.