Junos J-Web Persistent Cross Site Scripting Vulnerability

Summary
Persistent XSS Vulnerability in J-Web
Impact
A remote unauthenticated user can inject web script or HTML and steal sensitive data and credentials from a J-Web session and perform administrative actions on the Junos device.
Solution
New builds of Junos OS software are available from Juniper.
Insight
A persistent cross-site scripting vulnerability in J-Web may allow a remote unauthenticated user to inject web script or HTML, steal sensitive data and credentials from a J-Web session, and perform administrative actions on the Junos device. An attacker can inject web script or HTML even when J-Web is disabled, but the vulnerability can only be exploited when J-Web is used to monitor the system.
Affected
Junos OS 11.4, 12.1, 12.2, 12.3, 13.1, 13.2, 13.3.
Detection
Check the OS build.