CVE-2017-2337

Name of the Vulnerable Software and Affected Versions Juniper NetScreen Firewall+VPN versions prior to 6.3.0r24

Description A persistent cross-site scripting issue in the NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users, including the administrator. This enables the lower-privileged user to execute commands with the permissions of an administrator.

Recommendations For versions prior to 6.3.0r24, update to version 6.3.0r24 or later to resolve the issue. As a temporary workaround, consider restricting access to the NetScreen WebUI to minimize the risk of exploitation.