CVE-2019-0025

Name of the Vulnerable Software and Affected Versions Juniper ATP versions prior to 5.0.3

Description A persistent cross-site scripting (XSS) issue in the RADIUS configuration menu may allow an authenticated user to inject arbitrary script, potentially stealing sensitive data and credentials from a web administration session. This could trick a follow-on administrative user into performing unintended administrative actions on the device. The issue is related to insufficient input validation, which can be exploited by a remote attacker to inject arbitrary JavaScript code and access protected data.

Recommendations For Juniper ATP versions prior to 5.0.3, update to version 5.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the RADIUS configuration menu to minimize the risk of exploitation.