CVE-2018-0047

Name of the Vulnerable Software and Affected Versions Junos Space Security Director versions prior to 17.2R2

Description A persistent cross-site scripting issue in the UI framework of Junos Space Security Director may allow authenticated users to inject malicious scripts, potentially leading to information theft or actions being performed as a different user when other users access the Security Director web interface. The issue is caused by insufficient protection of the web page structure, which could allow a remote attacker to disclose protected information or perform actions on behalf of other users.

Recommendations For versions prior to 17.2R2, update to version 17.2R2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Security Director web interface to minimize the risk of exploitation.