CVE-2020-1607: Cross-site Scripting in Networks Junos OS

Severity
NVD: 6.1 MEDIUM
CNA: 7.5
EPSS
0.3%
top 43.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 15
Latest update: May 24

Description

Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user. This issue affects Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D86, 12.3X48-D90 on SRX Series; 14.1X53 versions prior to 14.1X53-D51 on EX and QFX Series; 15.1F6 versions prior to 15.1F6-S13; 15.1 versi

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages: 2 packages

CVEListV5 | juniper_networks/junos_os | 12.3 | 12.3R12-S15 | +19
NVD | juniper/junos | 17 versions | +16

🔴 Vulnerability Details (2)

GHSA (2022-05-24)
GHSA-hfvf-x5qf-mwmg: Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target us
CVEList (2020-01-15)
Junos OS: Cross-Site Scripting (XSS) in J-Web

📋 Vendor Advisories (1)

Juniper (2020-01-15)
CVE-2020-1607: Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target us
CVE-2020-1607 — Cross-site Scripting | cvebase