PT-2022-5263 · Juniper Networks · Junos
Published
2022-10-17
·
Updated
2022-11-07
·
CVE-2022-22242
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Junos OS versions prior to 19.1R3-S9
Junos OS versions 19.2 prior to 19.2R3-S6
Junos OS versions 19.3 prior to 19.3R3-S7
Junos OS versions 19.4 prior to 19.4R2-S7, 19.4R3-S8
Junos OS versions 20.1 prior to 20.1R3-S5
Junos OS versions 20.2 prior to 20.2R3-S5
Junos OS versions 20.3 prior to 20.3R3-S5
Junos OS versions 20.4 prior to 20.4R3-S4
Junos OS versions 21.1 prior to 21.1R3-S4
Junos OS versions 21.2 prior to 21.2R3-S1
Junos OS versions 21.3 prior to 21.3R3
Junos OS versions 21.4 prior to 21.4R2
Junos OS versions 22.1 prior to 22.1R2
Description
The issue is related to a Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS. This vulnerability allows an unauthenticated attacker to execute malicious scripts reflected off of J-Web to the victim's browser in the context of their session within J-Web. The vulnerability is caused by errors in processing input data.
Recommendations
For Junos OS versions prior to 19.1R3-S9, update to version 19.1R3-S9 or later.
For Junos OS versions 19.2 prior to 19.2R3-S6, update to version 19.2R3-S6 or later.
For Junos OS versions 19.3 prior to 19.3R3-S7, update to version 19.3R3-S7 or later.
For Junos OS versions 19.4 prior to 19.4R2-S7, 19.4R3-S8, update to version 19.4R2-S7, 19.4R3-S8 or later.
For Junos OS versions 20.1 prior to 20.1R3-S5, update to version 20.1R3-S5 or later.
For Junos OS versions 20.2 prior to 20.2R3-S5, update to version 20.2R3-S5 or later.
For Junos OS versions 20.3 prior to 20.3R3-S5, update to version 20.3R3-S5 or later.
For Junos OS versions 20.4 prior to 20.4R3-S4, update to version 20.4R3-S4 or later.
For Junos OS versions 21.1 prior to 21.1R3-S4, update to version 21.1R3-S4 or later.
For Junos OS versions 21.2 prior to 21.2R3-S1, update to version 21.2R3-S1 or later.
For Junos OS versions 21.3 prior to 21.3R3, update to version 21.3R3 or later.
For Junos OS versions 21.4 prior to 21.4R2, update to version 21.4R2 or later.
For Junos OS versions 22.1 prior to 22.1R2, update to version 22.1R2 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Junos