CVE-2019-0047 — Cross-site Scripting in Networks Junos OS

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 34.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos Juniper J-web +1 more

Timeline

PublishedOct 9

Latest updateMay 24

Description

A persistent Cross-Site Scripting (XSS) vulnerability in Junos OS J-Web interface may allow remote unauthenticated attackers to perform administrative actions on the Junos device. Successful exploitation requires a Junos administrator to first perform certain diagnostic actions on J-Web. This issue affects: Juniper Networks Junos OS 12.1X46 versions prior to 12.1X46-D86; 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D80; 14.1X53 versions prior to 14.1X53-D51; 15.1 version…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5juniper_networks/junos_os12.1X46 — 12.1X46-D86+16

▶NVDjuniper/junos17 versions+16

▶juniperjuniper/junos_os

▶juniperjuniper/j-web

🔴Vulnerability Details

GHSA

GHSA-qf8v-25wv-mrfp: A persistent Cross-Site Scripting (XSS) vulnerability in Junos OS J-Web interface may allow remote unauthenticated attackers to perform administrative↗2022-05-24

▶

📋Vendor Advisories

Juniper

CVE-2019-0047: A persistent Cross-Site Scripting (XSS) vulnerability in Junos OS J-Web interface may allow remote unauthenticated attackers to perform administrative↗2019-10-09

▶