PT-2014-1957 · Juniper Networks · Junos

Published: 2014-07-11 · Updated: 2014-07-18 · CVE-2014-3821

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Junos versions 11.4 through 11.4R10
Junos versions 12.1X44 through 12.1X44-D33
Junos versions 12.1X45 through 12.1X45-D24
Junos versions 12.1X46 through 12.1X46-D19
Junos versions 12.1X47 through 12.1X47-D9

Description

A cross-site scripting (XSS) issue exists in the SRX Web Authentication (webauth) service, allowing remote attackers to inject arbitrary web script or HTML. This is due to a lack of input parameter control on the user authentication page, which can be exploited by an attacker to execute arbitrary code.

Recommendations

For versions 11.4 through 11.4R10, update to version 11.4R11 or later.
For versions 12.1X44 through 12.1X44-D33, update to version 12.1X44-D34 or later.
For versions 12.1X45 through 12.1X45-D24, update to version 12.1X45-D25 or later.
For versions 12.1X46 through 12.1X46-D19, update to version 12.1X46-D20 or later.
For versions 12.1X47 through 12.1X47-D9, update to version 12.1X47-D10 or later.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2015-10413
CVE-2014-3821

Affected Products

Junos