CVE-2021-31355

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions 12.3X48 prior to 12.3X48-D105 Juniper Networks Junos OS versions 15.1X49 prior to 15.1X49-D220 Juniper Networks Junos OS versions 18.3 prior to 18.3R3-S5 Juniper Networks Junos OS versions 18.4 prior to 18.4R3-S9 Juniper Networks Junos OS versions 19.1 prior to 19.1R3-S7 Juniper Networks Junos OS versions 19.2 prior to 19.2R3-S3 Juniper Networks Junos OS versions 19.3 prior to 19.3R3-S4 Juniper Networks Junos OS versions 19.4 prior to 19.4R3-S6 Juniper Networks Junos OS versions 20.1 prior to 20.1R3 Juniper Networks Junos OS versions 20.2 prior to 20.2R1-S1, 20.2R2 Juniper Networks Junos OS versions 20.3 prior to 20.3R2 Juniper Networks Junos OS versions 20.4 prior to 20.4R2 Juniper Networks Junos OS versions 21.1 prior to 21.1R2

Description A persistent cross-site scripting (XSS) vulnerability in the captive portal graphical user interface of Juniper Networks Junos OS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device.

Recommendations For Juniper Networks Junos OS versions 12.3X48 prior to 12.3X48-D105, update to version 12.3X48-D105 or later. For Juniper Networks Junos OS versions 15.1X49 prior to 15.1X49-D220, update to version 15.1X49-D220 or later. For Juniper Networks Junos OS versions 18.3 prior to 18.3R3-S5, update to version 18.3R3-S5 or later. For Juniper Networks Junos OS versions 18.4 prior to 18.4R3-S9, update to version 18.4R3-S9 or later. For Juniper Networks Junos OS versions 19.1 prior to 19.1R3-S7, update to version 19.1R3-S7 or later. For Juniper Networks Junos OS versions 19.2 prior to 19.2R3-S3, update to version 19.2R3-S3 or later. For Juniper Networks Junos OS versions 19.3 prior to 19.3R3-S4, update to version 19.3R3-S4 or later. For Juniper Networks Junos OS versions 19.4 prior to 19.4R3-S6, update to version 19.4R3-S6 or later. For Juniper Networks Junos OS versions 20.1 prior to 20.1R3, update to version 20.1R3 or later. For Juniper Networks Junos OS versions 20.2 prior to 20.2R1-S1, 20.2R2, update to version 20.2R1-S1, 20.2R2 or later. For Juniper Networks Junos OS versions 20.3 prior to 20.3R2, update to version 20.3R2 or later. For Juniper Networks Junos OS versions 20.4 prior to 20.4R2, update to version 20.4R2 or later. For Juniper Networks Junos OS versions 21.1 prior to 21.1R2, update to version 21.1R2 or later.