CVE-2017-2336

Name of the Vulnerable Software and Affected Versions Juniper NetScreen Firewall+VPN versions prior to 6.3.0r24

Description A reflected cross-site scripting issue in the NetScreen WebUI allows a network-based attacker to inject HTML/JavaScript content into the management session of other users, including the administrator. This enables the attacker to execute commands with the permissions of an administrator.

Recommendations For versions prior to 6.3.0r24, update to version 6.3.0r24 or later to resolve the issue. As a temporary workaround, consider restricting access to the NetScreen WebUI to minimize the risk of exploitation.