PT-2014-1956 · Juniper Networks · Junos

Published: 2014-04-14 · Updated: 2015-10-08 · CVE-2014-2712

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Junos versions prior to 10.0S25
Junos versions 10.4 prior to 10.4R10
Junos versions 11.4 prior to 11.4R11
Junos versions 12.1 prior to 12.1R9
Junos versions 12.1X44 prior to 12.1X44-D30
Junos versions 12.1X45 prior to 12.1X45-D20
Junos versions 12.1X46 prior to 12.1X46-D10
Junos versions 12.2 prior to 12.2R1

Description

A cross-site scripting (XSS) vulnerability exists in J-Web in Juniper Junos. It allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to index.php. The vulnerability is due to insufficient filtering of special characters, which enables an attacker to execute arbitrary JavaScript in the context of the user's browser.

Recommendations

For Junos versions prior to 10.0S25, update to version 10.0S25 or later.
For Junos versions 10.4 prior to 10.4R10, update to version 10.4R10 or later.
For Junos versions 11.4 prior to 11.4R11, update to version 11.4R11 or later.
For Junos versions 12.1 prior to 12.1R9, update to version 12.1R9 or later.
For Junos versions 12.1X44 prior to 12.1X44-D30, update to version 12.1X44-D30 or later.
For Junos versions 12.1X45 prior to 12.1X45-D20, update to version 12.1X45-D20 or later.
For Junos versions 12.1X46 prior to 12.1X46-D10, update to version 12.1X46-D10 or later.
For Junos versions 12.2 prior to 12.2R1, update to version 12.2R1 or later.

As a temporary workaround, consider restricting access to the index.php module to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2015-10412
CVE-2014-2712

Affected Products

Junos