CVE-2021-0275Cross-site Scripting in Networks Junos OS

CWE-79Cross-site Scripting4 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.5%
top 32.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedApr 22
Latest updateMay 24

Description

A Cross-site Scripting (XSS) vulnerability in J-Web on Juniper Networks Junos OS allows an attacker to target another user's session thereby gaining access to the users session. The other user session must be active for the attack to succeed. Once successful, the attacker has the same privileges as the user. If the user has root privileges, the attacker may be able to gain full control of the device. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S15 on EX Series;

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5juniper_networks/junos_os12.312.3R12-S15+16
NVDjuniper/junos17 versions+16

🔴Vulnerability Details

2
GHSA
GHSA-mj8r-p74v-gg38: A Cross-site Scripting (XSS) vulnerability in J-Web on Juniper Networks Junos OS allows an attacker to target another user's session thereby gaining a2022-05-24
CVEList
Junos OS: J-Web: Cross-site scripting attack allows an attacker to gain control of another users session.2021-04-22

📋Vendor Advisories

1
Juniper
CVE-2021-0275: A Cross-site Scripting (XSS) vulnerability in J-Web on Juniper Networks Junos OS allows an attacker to target another user's session thereby gaining a2021-04-22
CVE-2021-0275 — Cross-site Scripting | cvebase