CVE-2017-2338

Name of the Vulnerable Software and Affected Versions Juniper NetScreen Firewall+VPN versions prior to 6.3.0r24 on SSG Series

Description A persistent cross-site scripting issue in the NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users, including the administrator. This enables the lower-privileged user to execute commands with the permissions of an administrator.

Recommendations For versions prior to 6.3.0r24 on SSG Series, update to version 6.3.0r24 or later to resolve the issue. As a temporary workaround, consider restricting access to the NetScreen WebUI to minimize the risk of exploitation.