PT-2015-6049 · Juniper Networks · Junos
Publicado
2015-04-10
·
Atualizado
2016-12-03
·
CVE-2015-3005
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Junos versions 12.1X44 before 12.1X44-D45
Junos versions 12.1X46 before 12.1X46-D30
Junos versions 12.1X47 before 12.1X47-D20
Junos versions 12.3X48 before 12.3X48-D10
Description
A cross-site scripting (XSS) issue exists in the Dynamic VPN of Juniper Junos on SRX series devices, allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Recommendations
For Junos versions 12.1X44 before 12.1X44-D45, update to version 12.1X44-D45 or later.
For Junos versions 12.1X46 before 12.1X46-D30, update to version 12.1X46-D30 or later.
For Junos versions 12.1X47 before 12.1X47-D20, update to version 12.1X47-D20 or later.
For Junos versions 12.3X48 before 12.3X48-D10, update to version 12.3X48-D10 or later.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Junos