CVE-2020-1673

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 18.1R3-S1 Juniper Networks Junos OS versions prior to 18.2R3-S5 Juniper Networks Junos OS versions prior to 18.3R2-S4, 18.3R3-S2 Juniper Networks Junos OS versions prior to 18.4R2-S5, 18.4R3-S2 Juniper Networks Junos OS versions prior to 19.1R2-S2, 19.1R3-S1 Juniper Networks Junos OS versions prior to 19.2R1-S5, 19.2R2 Juniper Networks Junos OS versions prior to 19.3R2-S4, 19.3R3 Juniper Networks Junos OS versions prior to 19.4R1-S3, 19.4R2 Juniper Networks Junos OS versions prior to 20.1R1-S2, 20.1R2

Description The issue is related to insufficient Cross-Site Scripting (XSS) protection in Juniper Networks J-Web and web-based services, allowing an unauthenticated attacker to hijack the target user's HTTP/HTTPS session and perform administrative actions on the Junos device as the targeted user. This can be achieved by convincing the device administrator to take action such as clicking a crafted URL sent via phishing email or inputting data in the browser console.

Recommendations For Juniper Networks Junos OS versions prior to 18.1R3-S1, update to version 18.1R3-S1 or later. For Juniper Networks Junos OS versions prior to 18.2R3-S5, update to version 18.2R3-S5 or later. For Juniper Networks Junos OS versions prior to 18.3R2-S4, 18.3R3-S2, update to version 18.3R2-S4, 18.3R3-S2 or later. For Juniper Networks Junos OS versions prior to 18.4R2-S5, 18.4R3-S2, update to version 18.4R2-S5, 18.4R3-S2 or later. For Juniper Networks Junos OS versions prior to 19.1R2-S2, 19.1R3-S1, update to version 19.1R2-S2, 19.1R3-S1 or later. For Juniper Networks Junos OS versions prior to 19.2R1-S5, 19.2R2, update to version 19.2R1-S5, 19.2R2 or later. For Juniper Networks Junos OS versions prior to 19.3R2-S4, 19.3R3, update to version 19.3R2-S4, 19.3R3 or later. For Juniper Networks Junos OS versions prior to 19.4R1-S3, 19.4R2, update to version 19.4R1-S3, 19.4R2 or later. For Juniper Networks Junos OS versions prior to 20.1R1-S2, 20.1R2, update to version 20.1R1-S2, 20.1R2 or later.