Juniper Networks · Junos · CVE-2019-0047
**Name of the Vulnerable Software and Affected Versions**
Juniper Networks Junos OS versions prior to 12.1X46-D86
Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S13
Juniper Networks Junos OS 12.3X48 versions prior to 12.3X48-D80
Juniper Networks Junos OS 14.1X53 versions prior to 14.1X53-D51
Juniper Networks Junos OS 15.1 versions prior to 15.1F6-S13, 15.1R7-S4
Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180
Juniper Networks Junos OS 15.1X53 versions prior to 15.1X53-D497, 15.1X53-D69
Juniper Networks Junos OS 16.1 versions prior to 16.1R7-S5
Juniper Networks Junos OS 16.2 versions prior to 16.2R2-S9
Juniper Networks Junos OS 17.1 versions prior to 17.1R3
Juniper Networks Junos OS 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1
Juniper Networks Junos OS 17.3 versions prior to 17.3R3-S6
Juniper Networks Junos OS 17.4 versions prior to 17.4R1-S7, 17.4R2-S4, 17.4R3
Juniper Networks Junos OS 18.1 versions prior to 18.1R3-S5
Juniper Networks Junos OS 18.2 versions prior to 18.2R1-S5, 18.2R2-S3, 18.2R3
Juniper Networks Junos OS 18.3 versions prior to 18.3R1-S3, 18.3R2, 18.3R3
Juniper Networks Junos OS 18.4 versions prior to 18.4R1-S2, 18.4R2
**Description**
A persistent Cross-Site Scripting (XSS) vulnerability in the Junos OS J-Web interface may allow remote unauthenticated attackers to perform administrative actions on the Junos device. Successful exploitation requires a Junos administrator to first perform certain diagnostic actions on J-Web. This issue is related to insufficient protection of the web page structure.
**Recommendations**
For Juniper Networks Junos OS 12.1X46 versions prior to 12.1X46-D86, update to version 12.1X46-D86 or later.
For Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S13, update to version 12.3R12-S13 or later.
For Juniper Networks Junos OS 12.3X48 versions prior to 12.3X48-D80, update to version 12.3X48-D80 or later.
For Juniper Networks Junos OS 14.1X53 versions prior to 14.1X53-D51, update to version 14.1X53-D51 or later.
For Juniper Networks Junos OS 15.1 versions prior to 15.1F6-S13, 15.1R7-S4, update to version 15.1F6-S13 or 15.1R7-S4 or later.
For Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180, update to version 15.1X49-D171 or 15.1X49-D180 or later.
For Juniper Networks Junos OS 15.1X53 versions prior to 15.1X53-D497, 15.1X53-D69, update to version 15.1X53-D497 or 15.1X53-D69 or later.
For Juniper Networks Junos OS 16.1 versions prior to 16.1R7-S5, update to version 16.1R7-S5 or later.
For Juniper Networks Junos OS 16.2 versions prior to 16.2R2-S9, update to version 16.2R2-S9 or later.
For Juniper Networks Junos OS 17.1 versions prior to 17.1R3, update to version 17.1R3 or later.
For Juniper Networks Junos OS 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1, update to version 17.2R1-S8 or 17.2R2-S7 or 17.2R3-S1 or later.
For Juniper Networks Junos OS 17.3 versions prior to 17.3R3-S6, update to version 17.3R3-S6 or later.
For Juniper Networks Junos OS 17.4 versions prior to 17.4R1-S7, 17.4R2-S4, 17.4R3, update to version 17.4R1-S7 or 17.4R2-S4 or 17.4R3 or later.
For Juniper Networks Junos OS 18.1 versions prior to 18.1R3-S5, update to version 18.1R3-S5 or later.
For Juniper Networks Junos OS 18.2 versions prior to 18.2R1-S5, 18.2R2-S3, 18.2R3, update to version 18.2R1-S5 or 18.2R2-S3 or 18.2R3 or later.
For Juniper Networks Junos OS 18.3 versions prior to 18.3R1-S3, 18.3R2, 18.3R3, update to version 18.3R1-S3 or 18.3R2 or 18.3R3 or later.
For Juniper Networks Junos OS 18.4 versions prior to 18.4R1-S2, 18.4R2, update to version 18.4R1-S2 or 18.4R2 or later.