CVE-2019-0047

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 12.1X46-D86 Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S13 Juniper Networks Junos OS 12.3X48 versions prior to 12.3X48-D80 Juniper Networks Junos OS 14.1X53 versions prior to 14.1X53-D51 Juniper Networks Junos OS 15.1 versions prior to 15.1F6-S13, 15.1R7-S4 Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180 Juniper Networks Junos OS 15.1X53 versions prior to 15.1X53-D497, 15.1X53-D69 Juniper Networks Junos OS 16.1 versions prior to 16.1R7-S5 Juniper Networks Junos OS 16.2 versions prior to 16.2R2-S9 Juniper Networks Junos OS 17.1 versions prior to 17.1R3 Juniper Networks Junos OS 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1 Juniper Networks Junos OS 17.3 versions prior to 17.3R3-S6 Juniper Networks Junos OS 17.4 versions prior to 17.4R1-S7, 17.4R2-S4, 17.4R3 Juniper Networks Junos OS 18.1 versions prior to 18.1R3-S5 Juniper Networks Junos OS 18.2 versions prior to 18.2R1-S5, 18.2R2-S3, 18.2R3 Juniper Networks Junos OS 18.3 versions prior to 18.3R1-S3, 18.3R2, 18.3R3 Juniper Networks Junos OS 18.4 versions prior to 18.4R1-S2, 18.4R2

Description A persistent Cross-Site Scripting (XSS) vulnerability in the Junos OS J-Web interface may allow remote unauthenticated attackers to perform administrative actions on the Junos device. Successful exploitation requires a Junos administrator to first perform certain diagnostic actions on J-Web. This issue is related to insufficient protection of the web page structure.

Recommendations For Juniper Networks Junos OS 12.1X46 versions prior to 12.1X46-D86, update to version 12.1X46-D86 or later. For Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S13, update to version 12.3R12-S13 or later. For Juniper Networks Junos OS 12.3X48 versions prior to 12.3X48-D80, update to version 12.3X48-D80 or later. For Juniper Networks Junos OS 14.1X53 versions prior to 14.1X53-D51, update to version 14.1X53-D51 or later. For Juniper Networks Junos OS 15.1 versions prior to 15.1F6-S13, 15.1R7-S4, update to version 15.1F6-S13 or 15.1R7-S4 or later. For Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180, update to version 15.1X49-D171 or 15.1X49-D180 or later. For Juniper Networks Junos OS 15.1X53 versions prior to 15.1X53-D497, 15.1X53-D69, update to version 15.1X53-D497 or 15.1X53-D69 or later. For Juniper Networks Junos OS 16.1 versions prior to 16.1R7-S5, update to version 16.1R7-S5 or later. For Juniper Networks Junos OS 16.2 versions prior to 16.2R2-S9, update to version 16.2R2-S9 or later. For Juniper Networks Junos OS 17.1 versions prior to 17.1R3, update to version 17.1R3 or later. For Juniper Networks Junos OS 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1, update to version 17.2R1-S8 or 17.2R2-S7 or 17.2R3-S1 or later. For Juniper Networks Junos OS 17.3 versions prior to 17.3R3-S6, update to version 17.3R3-S6 or later. For Juniper Networks Junos OS 17.4 versions prior to 17.4R1-S7, 17.4R2-S4, 17.4R3, update to version 17.4R1-S7 or 17.4R2-S4 or 17.4R3 or later. For Juniper Networks Junos OS 18.1 versions prior to 18.1R3-S5, update to version 18.1R3-S5 or later. For Juniper Networks Junos OS 18.2 versions prior to 18.2R1-S5, 18.2R2-S3, 18.2R3, update to version 18.2R1-S5 or 18.2R2-S3 or 18.2R3 or later. For Juniper Networks Junos OS 18.3 versions prior to 18.3R1-S3, 18.3R2, 18.3R3, update to version 18.3R1-S3 or 18.3R2 or 18.3R3 or later. For Juniper Networks Junos OS 18.4 versions prior to 18.4R1-S2, 18.4R2, update to version 18.4R1-S2 or 18.4R2 or later.