PT-2017-8607 · Juniper Networks · Junos

Published: 2017-10-13 · Updated: 2019-10-09 · CVE-2016-4923

CVSS v3.1: 8.0 (High)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Junos OS versions 11.4 prior to 11.4R13-S3
Junos OS versions 12.1X44 prior to 12.1X44-D60
Junos OS versions 12.1X46 prior to 12.1X46-D40
Junos OS versions 12.1X47 prior to 12.1X47-D30
Junos OS versions 12.3 prior to 12.3R11
Junos OS versions 12.3X48 prior to 12.3X48-D20
Junos OS versions 13.2X51 prior to 13.2X51-D40
Junos OS versions 13.3 prior to 13.3R9
Junos OS versions 14.1 prior to 14.1R6
Junos OS versions 14.2 prior to 14.2R6
Junos OS versions 15.1 prior to 15.1R3
Junos OS versions 15.1X49 prior to 15.1X49-D20
Junos OS versions 15.1X53 prior to 15.1X53-D57

Description

The J-Web component in Junos OS has insufficient cross-site scripting protection, potentially allowing a remote unauthenticated user to inject web script or HTML, steal sensitive data and credentials from a J-Web session, and perform administrative actions on the Junos device. There is no known malicious exploitation of this issue.

Recommendations

For Junos OS versions 11.4 prior to 11.4R13-S3, update to 11.4R13-S3 or later.
For Junos OS versions 12.1X44 prior to 12.1X44-D60, update to 12.1X44-D60 or later.
For Junos OS versions 12.1X46 prior to 12.1X46-D40, update to 12.1X46-D40 or later.
For Junos OS versions 12.1X47 prior to 12.1X47-D30, update to 12.1X47-D30 or later.
For Junos OS versions 12.3 prior to 12.3R11, update to 12.3R11 or later.
For Junos OS versions 12.3X48 prior to 12.3X48-D20, update to 12.3X48-D20 or later.
For Junos OS versions 13.2X51 prior to 13.2X51-D40, update to 13.2X51-D40 or later.
For Junos OS versions 13.3 prior to 13.3R9, update to 13.3R9 or later.
For Junos OS versions 14.1 prior to 14.1R6, update to 14.1R6 or later.
For Junos OS versions 14.2 prior to 14.2R6, update to 14.2R6 or later.
For Junos OS versions 15.1 prior to 15.1R3, update to 15.1R3 or later.
For Junos OS versions 15.1X49 prior to 15.1X49-D20, update to 15.1X49-D20 or later.
For Junos OS versions 15.1X53 prior to 15.1X53-D57, update to 15.1X53-D57 or later.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2016-4923

Affected Products

Junos