| Vulnerability Name: | CVE-2017-10612 (CCN-133391) | ||||||||||||
| Assigned: | 2017-10-11 | ||||||||||||
| Published: | 2017-10-11 | ||||||||||||
| Updated: | 2019-10-09 | ||||||||||||
| Summary: | A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1. | ||||||||||||
| CVSS v3 Severity: | 8.0 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) 7.6 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)
| ||||||||||||
| Vulnerability Type: | CWE-79 | ||||||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2017-10612 Source: BID Type: Third Party Advisory, VDB Entry 101256 Source: CCN Type: BID-101256 Juniper Networks JUNOS Space CVE-2017-10612 HTML Injection Vulnerability Source: XF Type: UNKNOWN juniper-cve201710612-xss(133391) Source: CCN Type: Juniper Security Bulletin: JSA10826 Junos Space: Multiple vulnerabilities resolved in 17.1R1 release Source: CONFIRM Type: Vendor Advisory https://kb.juniper.net/JSA10826 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||