CVE-2020-1673 — Cross-site Scripting in Networks Junos OS
Severity
8.8 HIGH (NVD)
EPSS
1.4%
top 19.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 16
Latest update: May 24
Description
Insufficient Cross-Site Scripting (XSS) protection in Juniper Networks J-Web and web based (HTTP/HTTPS) services allows an unauthenticated attacker to hijack the target user's HTTP/HTTPS session and perform administrative actions on the Junos device as the targeted user. This issue only affects Juniper Networks Junos OS devices with HTTP/HTTPS services enabled such as J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisionin…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9
Affected Packages: 2 packages
Vulnerability Details (2)
GHSA
GHSA-pq48-688x-8p2v: Insufficient Cross-Site Scripting (XSS) protection in Juniper Networks J-Web and web based (HTTP/HTTPS) services allows an unauthenticated attacker to (2022-05-24)
CVEList
Junos OS: Reflected Cross-site Scripting vulnerability in J-Web and web based (HTTP/HTTPS) services (2020-10-16)
Vendor Advisories (1)
Juniper
CVE-2020-1673: Insufficient Cross-Site Scripting (XSS) protection in Juniper Networks J-Web and web based (HTTP/HTTPS) services allows an unauthenticated attacker to (2020-10-16)