CVE-2021-0275

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions 12.3 through 12.3R12-S15 on EX Series Juniper Networks Junos OS versions 12.3X48 through 12.3X48-D95 on SRX Series Juniper Networks Junos OS versions 15.1 through 15.1R7-S6 on EX Series Juniper Networks Junos OS versions 15.1X49 through 15.1X49-D200 on SRX Series Juniper Networks Junos OS versions 16.1 through 16.1R7-S7 Juniper Networks Junos OS versions 16.2 through 16.2R2-S11, 16.2R3 Juniper Networks Junos OS versions 17.1 through 17.1R2-S11, 17.1R3-S2 Juniper Networks Junos OS versions 17.2 through 17.2R3-S3 Juniper Networks Junos OS versions 17.3 through 17.3R2-S5, 17.3R3-S7 Juniper Networks Junos OS versions 17.4 through 17.4R2-S9, 17.4R3 Juniper Networks Junos OS versions 18.1 through 18.1R3-S9 Juniper Networks Junos OS versions 18.2 through 18.2R2-S7, 18.2R3-S3 Juniper Networks Junos OS versions 18.3 through 18.3R1-S7, 18.3R2-S3, 18.3R3-S1 Juniper Networks Junos OS versions 18.4 through 18.4R1-S6, 18.4R2-S4, 18.4R3 Juniper Networks Junos OS versions 19.1 through 19.1R2-S1, 19.1R3 Juniper Networks Junos OS versions 19.2 through 19.2R1-S3, 19.2R2 Juniper Networks Junos OS versions 19.3 through 19.3R2

Description: A Cross-site Scripting (XSS) issue in J-Web on Juniper Networks Junos OS allows an attacker to target another user's session, gaining access to the user's session. The other user session must be active for the attack to succeed. Once successful, the attacker has the same privileges as the user. If the user has root privileges, the attacker may be able to gain full control of the device.

Recommendations: Update to a version later than 12.3R12-S15 on EX Series Update to a version later than 12.3X48-D95 on SRX Series Update to a version later than 15.1R7-S6 on EX Series Update to a version later than 15.1X49-D200 on SRX Series Update to a version later than 16.1R7-S7 Update to a version later than 16.2R2-S11, 16.2R3 Update to a version later than 17.1R2-S11, 17.1R3-S2 Update to a version later than 17.2R3-S3 Update to a version later than 17.3R2-S5, 17.3R3-S7 Update to a version later than 17.4R2-S9, 17.4R3 Update to a version later than 18.1R3-S9 Update to a version later than 18.2R2-S7, 18.2R3-S3 Update to a version later than 18.3R1-S7, 18.3R2-S3, 18.3R3-S1 Update to a version later than 18.4R1-S6, 18.4R2-S4, 18.4R3 Update to a version later than 19.1R2-S1, 19.1R3 Update to a version later than 19.2R1-S3, 19.2R2 Update to a version later than 19.3R2