← voltar
CVE-2017-2336

ScreenOS: XSS vulnerability in ScreenOS Firewall

CVSS 9.6 CRITICALEPSS 1.2%
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 9.6EPSS 1.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
14 jul 2017Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the attacker to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Produtos afetados
Juniper Networks · ScreenOS

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://kb.juniper.net/JSA10782http://www.securityfocus.com/bid/99590http://www.securitytracker.com/id/1038881