Summary
Persistent XSS Vulnerability in J-Web
Impact
A remote unauthenticated user can inject web script or HTML and steal sensitive data and credentials from a J-Web session and perform administrative actions on the Junos device.
Solution
New builds of Junos OS software are available from Juniper.
Insight
A persistent cross-site scripting vulnerability in J-Web may allow a remote unauthenticated user to inject web script or HTML, steal sensitive data and credentials from a J-Web session, and perform administrative actions on the Junos device. An attacker can inject web script or HTML even when J-Web is disabled, but the vulnerability can only be exploited when J-Web is used to monitor the system.
Affected
Junos OS 11.4, 12.1, 12.2, 12.3, 13.1, 13.2, 13.3.
Detection
Check the OS build.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2014-2711
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N