| Vulnerability Name: | CVE-2017-2339 (CCN-128508) |
| Assigned: | 2016-12-01 |
| Published: | 2017-07-13 |
| Updated: | 2017-07-22 |
| Summary: | A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. |
| CVSS v3 Severity: | 5.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N); 5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C); 8.0 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C) |
| CVSS v2 Severity: | 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N) |
| Vulnerability Type: | CWE-79 |
| Vulnerability Consequences: | Cross-Site Scripting |
| References: | Source: MITRE, Type: CNA, CVE-2017-2339; Source: BID, Type: Third Party Advisory, VDB Entry, 99590; Source: CCN, Type: BID-99590, Juniper ScreenOS Multiple HTML Injection Vulnerabilities; Source: SECTRACK, Type: Third Party Advisory, VDB Entry, 1038881; Source: XF, Type: UNKNOWN, juniper-cve20172339-xss(128508); Source: CCN, Type: Juniper Networks Security Bulletin JSA10782, Multiple XSS vulnerabilities in ScreenOS Firewall; Source: CONFIRM, Type: Vendor Advisory, https://kb.juniper.net/JSA10782 |
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable |