CVE-2020-1607

Name of the Vulnerable Software and Affected Versions Junos OS versions prior to 12.3R12-S15 Junos OS 12.3X48 versions prior to 12.3X48-D86, 12.3X48-D90 Junos OS 14.1X53 versions prior to 14.1X53-D51 Junos OS 15.1F6 versions prior to 15.1F6-S13 Junos OS 15.1 versions prior to 15.1R7-S5 Junos OS 15.1X49 versions prior to 15.1X49-D181, 15.1X49-D190 Junos OS 15.1X53 versions prior to 15.1X53-D238 Junos OS 15.1X53 versions prior to 15.1X53-D592 Junos OS 16.1 versions prior to 16.1R4-S13, 16.1R7-S5 Junos OS 16.2 versions prior to 16.2R2-S10 Junos OS 17.1 versions prior to 17.1R2-S11, 17.1R3-S1 Junos OS 17.2 versions prior to 17.2R1-S9, 17.2R3-S2 Junos OS 17.3 versions prior to 17.3R2-S5, 17.3R3-S5 Junos OS 17.4 versions prior to 17.4R2-S6, 17.4R3 Junos OS 18.1 versions prior to 18.1R3-S7 Junos OS 18.2 versions prior to 18.2R2-S5, 18.2R3 Junos OS 18.3 versions prior to 18.3R1-S6, 18.3R2-S1, 18.3R3 Junos OS 18.4 versions prior to 18.4R1-S5, 18.4R2 Junos OS 19.1 versions prior to 19.1R1-S2, 19.1R2

Description The issue is related to insufficient protection against Cross-Site Scripting (XSS) attacks in the J-Web interface of Junos OS. This may allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session, and perform administrative actions on the Junos device as the targeted user.

Recommendations For Junos OS versions prior to 12.3R12-S15, update to 12.3R12-S15 or later. For Junos OS 12.3X48 versions prior to 12.3X48-D86, 12.3X48-D90, update to 12.3X48-D86, 12.3X48-D90 or later. For Junos OS 14.1X53 versions prior to 14.1X53-D51, update to 14.1X53-D51 or later. For Junos OS 15.1F6 versions prior to 15.1F6-S13, update to 15.1F6-S13 or later. For Junos OS 15.1 versions prior to 15.1R7-S5, update to 15.1R7-S5 or later. For Junos OS 15.1X49 versions prior to 15.1X49-D181, 15.1X49-D190, update to 15.1X49-D181, 15.1X49-D190 or later. For Junos OS 15.1X53 versions prior to 15.1X53-D238, update to 15.1X53-D238 or later. For Junos OS 15.1X53 versions prior to 15.1X53-D592, update to 15.1X53-D592 or later. For Junos OS 16.1 versions prior to 16.1R4-S13, 16.1R7-S5, update to 16.1R4-S13, 16.1R7-S5 or later. For Junos OS 16.2 versions prior to 16.2R2-S10, update to 16.2R2-S10 or later. For Junos OS 17.1 versions prior to 17.1R2-S11, 17.1R3-S1, update to 17.1R2-S11, 17.1R3-S1 or later. For Junos OS 17.2 versions prior to 17.2R1-S9, 17.2R3-S2, update to 17.2R1-S9, 17.2R3-S2 or later. For Junos OS 17.3 versions prior to 17.3R2-S5, 17.3R3-S5, update to 17.3R2-S5, 17.3R3-S5 or later. For Junos OS 17.4 versions prior to 17.4R2-S6, 17.4R3, update to 17.4R2-S6, 17.4R3 or later. For Junos OS 18.1 versions prior to 18.1R3-S7, update to 18.1R3-S7 or later. For Junos OS 18.2 versions prior to 18.2R2-S5, 18.2R3, update to 18.2R2-S5, 18.2R3 or later. For Junos OS 18.3 versions prior to 18.3R1-S6, 18.3R2-S1, 18.3R3, update to 18.3R1-S6, 18.3R2-S1, 18.3R3 or later. For Junos OS 18.4 versions prior to 18.4R1-S5, 18.4R2, update to 18.4R1-S5, 18.4R2 or later. For Junos OS 19.1 versions prior to 19.1R1-S2, 19.1R2, update to 19.1R1-S2, 19.1R2 or later.