← voltar
CVE-2017-2339

ScreenOS: XSS vulnerability in ScreenOS Firewall

CVSS 8.4 HIGHEPSS 1.1%
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.4EPSS 1.1%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
14 jul 2017Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Produtos afetados
Juniper Networks · ScreenOS

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://kb.juniper.net/JSA10782http://www.securityfocus.com/bid/99590http://www.securitytracker.com/id/1038881