Vulnerabilities related to juniper - screenos
Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2025-04-20 01:37
Severity
8.4 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.
References
Source | URL | Tags | |
---|---|---|---|
sirt@juniper.net | http://www.securityfocus.com/bid/99590 | Third Party Advisory, VDB Entry | |
sirt@juniper.net | http://www.securitytracker.com/id/1038881 | Third Party Advisory, VDB Entry | |
sirt@juniper.net | https://kb.juniper.net/JSA10782 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99590 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038881 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10782 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
juniper | screenos | 6.3.0 | |
CVE ID
CVE-2017-2338
Weakness
CWE-79
Vulnerability from fkie_nvd
Published
2015-10-19 18:59
Modified
2025-04-12 10:46
Severity
Summary
The L2TP packet processing functionality in Juniper Netscreen and ScreenOS Firewall products with ScreenOS before 6.3.0r13-dnd1, 6.3.0r14 through 6.3.0r18 before 6.3.0r18-dnc1, and 6.3.0r19 allows remote attackers to cause a denial of service via a crafted L2TP packet.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10704 | Vendor Advisory | |
cve@mitre.org | http://www.securitytracker.com/id/1033832 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10704 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033832 | Third Party Advisory, VDB Entry |
CVE ID
CVE-2015-7750
CVSS v2
5.0 (Medium) - AV:N/AC:L/Au:N/C:N/I:N/A:P
Weakness
CWE-20
Vulnerability from fkie_nvd
Published
2016-04-15 14:59
Modified
2025-04-12 10:46
Severity
Summary
The administrative web services interface in Juniper ScreenOS before 6.3.0r21 allows remote attackers to cause a denial of service (reboot) via a crafted SSL packet.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10732 | Vendor Advisory | |
cve@mitre.org | http://www.securitytracker.com/id/1035666 | | |
af854a3a-2127-422b-91ae-364da2661108 | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10732 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1035666 | |
CVE ID
CVE-2016-1268
CVSS v3.0
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness
CWE-20
Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2025-04-20 01:37
Severity
8.4 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.
References
Source | URL | Tags | |
---|---|---|---|
sirt@juniper.net | http://www.securityfocus.com/bid/99590 | Third Party Advisory, VDB Entry | |
sirt@juniper.net | http://www.securitytracker.com/id/1038881 | Third Party Advisory, VDB Entry | |
sirt@juniper.net | https://kb.juniper.net/JSA10782 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99590 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038881 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10782 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
juniper | screenos | 6.3.0 | |
CVE ID
CVE-2017-2335
Weakness
CWE-79
Vulnerability from fkie_nvd
Published
2018-01-10 22:29
Modified
2024-11-21 03:37
Severity
4.3 (Medium) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
6.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is often detected as CVE-2003-0001. The issue affects all versions of Juniper Networks ScreenOS prior to 6.3.0r25.
References
Source | URL | Tags | |
---|---|---|---|
sirt@juniper.net | http://www.securitytracker.com/id/1040185 | Third Party Advisory, VDB Entry | |
sirt@juniper.net | https://kb.juniper.net/JSA10841 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040185 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10841 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
juniper | screenos | 6.3.0r1 | |
juniper | screenos | 6.3.0r2 | |
juniper | screenos | 6.3.0r3 | |
juniper | screenos | 6.3.0r4 | |
juniper | screenos | 6.3.0r5 | |
juniper | screenos | 6.3.0r6 | |
juniper | screenos | 6.3.0r7 | |
juniper | screenos | 6.3.0r8 | |
juniper | screenos | 6.3.0r9 | |
juniper | screenos | 6.3.0r10 | |
juniper | screenos | 6.3.0r11 | |
juniper | screenos | 6.3.0r12 | |
juniper | screenos | 6.3.0r13 | |
juniper | screenos | 6.3.0r14 | |
juniper | screenos | 6.3.0r15 | |
juniper | screenos | 6.3.0r16 | |
juniper | screenos | 6.3.0r17 | |
juniper | screenos | 6.3.0r18 | |
juniper | screenos | 6.3.0r19 | |
juniper | screenos | 6.3.0r20 | |
juniper | screenos | 6.3.0r21 | |
juniper | screenos | 6.3.0r22 | |
juniper | screenos | 6.3.0r23 | |
juniper | screenos | 6.3.0r24 | |
juniper | screenos | 6.3.0r25 |
CVE ID
CVE-2018-0014
"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-01-10T22:29:01.463", "references": [ { "source": "sirt@juniper.net", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040185" }, { "source": "sirt@juniper.net", "tags": [ "Vendor Advisory" ], "url": "https://kb.juniper.net/JSA10841" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040185" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://kb.juniper.net/JSA10841" } ], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-12-19 14:59
Modified
2025-04-12 10:46
Severity
5.0 (Medium) - CVSS 2.0: AV:N/AC:L/Au:N/C:P/I:N/A:N
Summary
The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 makes it easier for remote attackers to discover the plaintext content of VPN sessions by sniffing the network for ciphertext data and conducting an unspecified decryption attack.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
juniper | screenos | 6.2.0r15 | |
juniper | screenos | 6.2.0r16 | |
juniper | screenos | 6.2.0r17 | |
juniper | screenos | 6.2.0r18 | |
juniper | screenos | 6.3.0 | r12 |
juniper | screenos | 6.3.0 | r14 |
juniper | screenos | 6.3.0 | r15 |
juniper | screenos | 6.3.0 | r16 |
juniper | screenos | 6.3.0 | r17 |
juniper | screenos | 6.3.0 | r18 |
juniper | screenos | 6.3.0 | r19 |
juniper | screenos | 6.3.0 | r20 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:juniper:screenos:6.2.0r15:*:*:*:*:*:*:*", "matchCriteriaId": "B6A62F5E-5E9B-4AF3-B4D0-1863FFD7AF2C", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.2.0r16:*:*:*:*:*:*:*", "matchCriteriaId": "2CBD7805-B9BD-4A51-B6AF-B0D4C66466A0", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.2.0r17:*:*:*:*:*:*:*", "matchCriteriaId": "CC0F87C3-666B-42D9-850B-88D55AC6FE62", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.2.0r18:*:*:*:*:*:*:*", "matchCriteriaId": "71906D2F-EA04-4B77-ABD5-B1BB4832E242", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r12:*:*:*:*:*:*", "matchCriteriaId": "AA1E16DB-CC63-4C17-97F1-7E96C00D4F0B", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r14:*:*:*:*:*:*", "matchCriteriaId": "443A7726-36FD-4F15-A0E4-FD6CBE7E4EEE", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r15:*:*:*:*:*:*", "matchCriteriaId": "0A45A2F9-F33F-429B-A66D-B2BCBA7B8836", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r16:*:*:*:*:*:*", "matchCriteriaId": "B6923ED1-A07D-46FD-BB81-ECA920E13840", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r17:*:*:*:*:*:*", "matchCriteriaId": "9323A380-A99C-4B35-B379-51A57CF17678", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r18:*:*:*:*:*:*", "matchCriteriaId": "5B6F2143-1B00-4F3D-9454-24A80D9C88FB", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r19:*:*:*:*:*:*", "matchCriteriaId": "29AF89BB-010B-4E95-8E80-69749BDF4211", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r20:*:*:*:*:*:*", "matchCriteriaId": "1D1377D2-A31B-4081-890F-8955D86E50C1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 
6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 makes it easier for remote attackers to discover the plaintext content of VPN sessions by sniffing the network for ciphertext data and conducting an unspecified decryption attack." }, { "lang": "es", "value": "La implementaci\u00f3n de cifrado en Juniper ScreenOS 6.2.0r15 hasta la versi\u00f3n 6.2.0r18, 6.3.0r12 en versiones anteriores a 6.3.0r12b, 6.3.0r13 en versiones anteriores a 6.3.0r13b, 6.3.0r14 en versiones anteriores a 6.3.0r14b, 6.3.0r15 en versiones anteriores a 6.3.0r15b, 6.3.0r16 en versiones anteriores a 6.3.0r16b, 6.3.0r17 en versiones anteriores a 6.3.0r17b, 6.3.0r18 en versiones anteriores a 6.3.0r18b, 6.3.0r19 en versiones anteriores a 6.3.0r19b y 6.3.0r20 en versiones anteriores a 6.3.0r21 facilita a atacantes remotos descubrir en texto plano el contenido de las sesiones VPN mediante el rastreo de la red en busca de datos de texto cifrados y llevar a cabo un ataque de descifrado no especificado." 
} ], "id": "CVE-2015-7756", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-12-19T14:59:02.767", "references": [ { "source": "cve@mitre.org", "url": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713" }, { "source": "cve@mitre.org", "url": "http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/" }, { "source": "cve@mitre.org", "url": "http://www.kb.cert.org/vuls/id/640184" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1034489" }, { "source": "cve@mitre.org", "url": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/" }, { "source": "cve@mitre.org", "url": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper/" }, { "source": "cve@mitre.org", "url": "https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554" }, { "source": "cve@mitre.org", "url": "https://github.com/hdm/juniper-cve-2015-7755" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.kb.cert.org/vuls/id/640184" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034489" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/hdm/juniper-cve-2015-7755" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-06-13 14:55
Modified
2025-04-12 10:46
Severity
7.8 (High) - CVSS 2.0: AV:N/AC:L/Au:N/C:N/I:N/A:C
Summary
Juniper Networks NetScreen Firewall devices with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allow remote attackers to cause a denial of service (crash and reboot) via a sequence of malformed packets to the device IP.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:juniper:screenos:*:*:*:*:*:*:*:*", "matchCriteriaId": "8ECC9C27-3EB0-499C-918C-2D0486CFC432", "versionEndIncluding": "6.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E667CDEA-4C5E-4AE8-BAC6-D0E18DA5F304", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FFA9D7A2-2621-4741-A20F-CEF4C5764709", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "452D480D-92EC-4491-B669-CCB9106B246B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:juniper:netscreen-5200:-:*:*:*:*:*:*:*", "matchCriteriaId": "A658500D-84C8-4F33-9AD3-2DF76DC41459", "vulnerable": true }, { "criteria": "cpe:2.3:h:juniper:netscreen-5400:-:*:*:*:*:*:*:*", "matchCriteriaId": "3F2B4E7A-30F3-488E-A685-7CBF998C7E9F", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Juniper Networks NetScreen Firewall devices with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via a sequence of malformed packets to the device IP." }, { "lang": "es", "value": "Los dispositivos Juniper Networks NetScreen Firewall con ScreenOS anterior a 6.3r17, cuando configurados para utilizar el cliente de b\u00fasqueda DNS interno, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda y reinicio) a trav\u00e9s de una secuencia de paquetes malformados en el IP del dispositivo." 
} ], "id": "CVE-2014-3814", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-06-13T14:55:16.167", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10632" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/59026" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10632" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59026" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-01-23 17:55
Modified
2025-04-11 00:51
Severity
5.4 (Medium) - CVSS 2.0: AV:A/AC:M/Au:N/C:P/I:P/A:P
Summary
The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.kb.cert.org/vuls/id/229804 | US Government Resource | |
cve@mitre.org | http://www.kb.cert.org/vuls/id/BLUU-97KQ26 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/229804 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/BLUU-97KQ26 | US Government Resource |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:juniper:junos:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD172DD1-A2A1-4A01-9490-D5EE34E82D81", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "59812A01-EED0-4D83-8837-462E51519B91", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "2EC5D0F9-0769-4227-8E77-AC62811DCF4D", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "944F82C3-FF55-4658-B620-CE84F414F8A1", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "8D9AF7EE-F027-4F38-B33F-C9B4E53C8E38", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "C0F33B07-7036-4A13-9B54-D191D8085295", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:5.0r3:*:*:*:*:*:*:*", "matchCriteriaId": "C2F54221-F4EE-48DD-83AE-E75034987558", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:5.0r4:*:*:*:*:*:*:*", "matchCriteriaId": "AFE1BE08-EF00-4454-8167-15D978145E7B", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "FF54C9B6-F73B-421B-9B2C-A6F46A9C3618", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "ABFFA914-40DA-44DF-9C51-CBC753659C58", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "2A9EA5F0-08D8-476B-B3B9-009E5BB0A6B2", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:5.4:*:*:*:*:*:*:*", "matchCriteriaId": "D815C4FB-9D6B-4DDF-A60A-4BD721D3CB21", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "658ED891-8E65-44F0-9797-07811AC5243F", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:5.6:*:*:*:*:*:*:*", "matchCriteriaId": "9D6D0229-9738-4472-B452-0D93EAEA7446", 
"vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:5.7:*:*:*:*:*:*:*", "matchCriteriaId": "24DD3017-5939-4EDC-8A9E-A673195B705E", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC1B9023-0D1E-456A-8ED5-AF63FA8A7F44", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "78629980-A94C-4E13-86A4-C6CEC686B4B4", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "0131C19D-4AF7-410A-A7C9-6AFD3494A743", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "4EA66D3D-A91B-4573-B287-AB73DF17415C", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "B8089D28-839F-45CF-9247-969A9739E685", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "3195C856-8C0F-44DA-8DBB-ADD1854F0D66", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "15480017-59ED-446C-9E9C-13D710ABC9E5", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "EF1C2CC2-9EA4-4017-BFF7-399FEBA0DE9E", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "8F443DB8-1E98-4D66-A75D-DCC4716218E8", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "E51EBFBB-9236-436F-AC05-C7AFD9452A73", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "851DD20A-9796-4B06-A9FF-C16D74310156", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "38C56079-E4AC-4CE2-805D-AB893F82070C", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "A0EE5FF2-A12F-41EF-9A3D-66B471288BF8", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:juniper:junos:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB6086F9-431D-4A9D-BBFA-12A3A7FCE317", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "5C8EFF72-7F38-4B55-B449-F22801D7C18B", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:8.3:*:*:*:*:*:*:*", "matchCriteriaId": "195D3916-4B92-4A49-8988-20F9B9E9FF34", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "9AD4416F-E655-4D37-A28E-0623AA031423", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "378472AD-60F1-4A78-8256-DEF52ECB5602", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "E2DB4226-A4B1-4647-88CA-74AAFA3AE022", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "DD7CAA11-F8FE-4732-A649-B9DD751917F9", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:9.4:*:*:*:*:*:*:*", "matchCriteriaId": "3F474869-F2AD-4B2A-BF9D-66BAA8F8C3F8", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "DA28B556-9507-44B0-8F52-7FB9CADC74DF", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:9.6:*:*:*:*:*:*:*", "matchCriteriaId": "135EA92C-6699-4686-8827-30E50C74BB0E", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "D8FFDD73-F4A7-42BC-8CEF-4E7CC469CF28", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "3546BA8D-CEA4-4C95-B18F-4AC112195008", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:10.2:*:*:*:*:*:*:*", "matchCriteriaId": "4DC12ED6-463F-4576-80F4-E1B697B579B7", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:10.3:*:*:*:*:*:*:*", "matchCriteriaId": "37235C6B-B7B8-41EC-A1D2-336D8BAD9DBF", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:juniper:junos:10.4:*:*:*:*:*:*:*", "matchCriteriaId": "45C2DA1E-12A7-4018-92CE-7621FC278025", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:10.4r:*:*:*:*:*:*:*", "matchCriteriaId": "2EEFBB24-9EDB-4263-B1BF-6DF4E3642A44", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:10.4s:*:*:*:*:*:*:*", "matchCriteriaId": "B36C97C5-FE31-488E-BFFC-6FD0FD676E72", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "13DFF18C-672C-49D4-BDC7-9D2E1D945E9F", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "53E23759-F3CC-45D8-B6C7-2C24F9010EA7", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:11.2:*:*:*:*:*:*:*", "matchCriteriaId": "17C7B435-75C8-4A9C-A679-B0B51A5DD334", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "BDF5517B-D3E5-492A-9C27-C187AD5AEC92", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "41543223-0FA9-4CBE-8DEC-717CE5FFED79", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:11.4x27:*:*:*:*:*:*:*", "matchCriteriaId": "80EFC6D6-43F9-4277-ACAC-D5929AF6FF7D", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "B40B8FD6-A597-4845-8E8E-63EFDF606006", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:12.1r:*:*:*:*:*:*:*", "matchCriteriaId": "ECE31A7E-657C-49FC-B3F8-5654B0C6087E", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:12.1x44:*:*:*:*:*:*:*", "matchCriteriaId": "1B307477-C5F2-4D98-AF4C-640D326164C7", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:12.1x45:*:*:*:*:*:*:*", "matchCriteriaId": "8E747970-4C27-4B46-9163-964252CB98F6", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:12.1x46:*:*:*:*:*:*:*", "matchCriteriaId": "CFB89F64-16BB-4A14-9084-B338668D7FF1", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:juniper:junos:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "5FB9541A-2570-459A-87D6-5341C67B8EC8", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "8E014A0D-0054-4EBA-BA1F-035B74BD822F", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "71FB12AC-DB5A-444A-81E0-C0DDD06810EB", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "CAB7D840-9469-4CE2-8DBF-017A44741374", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junos:13.3:*:*:*:*:*:*:*", "matchCriteriaId": "E4AF5DAA-62F5-491F-A9CE-098970671D43", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:junose:*:*:*:*:*:*:*:*", "matchCriteriaId": "226E0D5B-2D0D-443E-9B54-4ABF8A89FCD0", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:*:*:*:*:*:*:*:*", "matchCriteriaId": "8ECC9C27-3EB0-499C-918C-2D0486CFC432", "versionEndIncluding": "6.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF9D20BE-9AA1-44E2-B4C3-90A873B2329F", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E667CDEA-4C5E-4AE8-BAC6-D0E18DA5F304", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FFA9D7A2-2621-4741-A20F-CEF4C5764709", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "452D480D-92EC-4491-B669-CCB9106B246B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service 
(routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149." }, { "lang": "es", "value": "La implementaci\u00f3n de OSPF en Juniper Junos hasta la versi\u00f3n 13.x, JunosE, y ScreenOS hasta la versi\u00f3n 6.3.x no considera la posibilidad de valores Link State ID duplicados en Link State Adverisement (LSA) antes de realizar operaciones en la base de datos LSA, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (interrupci\u00f3n de enrutamiento) u obtener informaci\u00f3n sensible de paquetes a trav\u00e9s de un paquete LSA manipulado, una vulnerabilidad relacionada con CVE-2013-0149." } ], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/694.html\n\n\"CWE-694: Use of Multiple Resources with Duplicate Identifier\"", "id": "CVE-2013-7313", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 5.5, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-01-23T17:55:05.573", "references": [ { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/229804" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/BLUU-97KQ26" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/229804" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government 
Resource" ], "url": "http://www.kb.cert.org/vuls/id/BLUU-97KQ26" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-12-13 18:07
Modified
2025-04-11 00:51
Severity
7.1 (High) - CVSS 2.0: AV:N/AC:M/Au:N/C:N/I:N/A:C
Summary
Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
juniper | screenos | 5.4.0 | |
juniper | screenos | 6.2.0 | |
juniper | screenos | 6.3.0 | |
juniper | netscreen-5200 | - | |
juniper | netscreen-5400 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:juniper:screenos:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF9D20BE-9AA1-44E2-B4C3-90A873B2329F", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "452D480D-92EC-4491-B669-CCB9106B246B", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D2F484AD-901C-4D4E-81D0-41C177A73246", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:juniper:netscreen-5200:-:*:*:*:*:*:*:*", "matchCriteriaId": "A658500D-84C8-4F33-9AD3-2DF76DC41459", "vulnerable": true }, { "criteria": "cpe:2.3:h:juniper:netscreen-5400:-:*:*:*:*:*:*:*", "matchCriteriaId": "3F2B4E7A-30F3-488E-A685-7CBF998C7E9F", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet." }, { "lang": "es", "value": "Juniper NetScreen Firewall corriendo ScreenOS 5.4, 6.2 o 6.3, cuando la pantalla Ping of Dead est\u00e1 deshabilitada, permite a atacantes remotos causar una denegaci\u00f3n de servico a trav\u00e9s de un paquete manipulado." 
} ], "id": "CVE-2013-6958", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-12-13T18:07:54.437", "references": [ { "source": "cve@mitre.org", "url": "http://jvn.jp/en/jp/JVN28436508/index.html" }, { "source": "cve@mitre.org", "url": "http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000119.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/100861" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1029490" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://kb.juniper.net/JSA10604" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN28436508/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000119.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/100861" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1029490" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://kb.juniper.net/JSA10604" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-04-15 14:55
Modified
2025-04-12 10:46
Severity
7.8 (High) - CVSS 2.0: AV:N/AC:L/Au:N/C:N/I:N/A:C
Summary
Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a denial of service (crash and restart or failover) via a malformed SSL/TLS packet.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:juniper:screenos:*:*:*:*:*:*:*:*", "matchCriteriaId": "8ECC9C27-3EB0-499C-918C-2D0486CFC432", "versionEndIncluding": "6.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF9D20BE-9AA1-44E2-B4C3-90A873B2329F", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E667CDEA-4C5E-4AE8-BAC6-D0E18DA5F304", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FFA9D7A2-2621-4741-A20F-CEF4C5764709", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "452D480D-92EC-4491-B669-CCB9106B246B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a denial of service (crash and restart or failover) via a malformed SSL/TLS packet." }, { "lang": "es", "value": "Juniper ScreenOS 6.3 y anteriores permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda y reinicio o recuperaci\u00f3n de sesi\u00f3n ante fallos) a trav\u00e9s de un paquete SSL/TLS malformado." 
} ], "id": "CVE-2014-2842", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-04-15T14:55:05.047", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/57910" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/480428" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/66802" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1030564" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/57910" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/480428" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/66802" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1030564" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10624" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", 
"value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2025-04-20 01:37
Severity ?
8.4 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.
References
Source | URL | Tags | |
---|---|---|---|
sirt@juniper.net | http://www.securityfocus.com/bid/99590 | Third Party Advisory, VDB Entry | |
sirt@juniper.net | http://www.securitytracker.com/id/1038881 | Third Party Advisory, VDB Entry | |
sirt@juniper.net | https://kb.juniper.net/JSA10782 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99590 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038881 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10782 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
juniper | screenos | 6.3.0 | |
juniper | screenos | 6.3.0r1 | |
juniper | screenos | 6.3.0r10 | |
juniper | screenos | 6.3.0r11 | |
juniper | screenos | 6.3.0r12 | |
juniper | screenos | 6.3.0r13 | |
juniper | screenos | 6.3.0r14 | |
juniper | screenos | 6.3.0r15 | |
juniper | screenos | 6.3.0r16 | |
juniper | screenos | 6.3.0r17 | |
juniper | screenos | 6.3.0r18 | |
juniper | screenos | 6.3.0r19 | |
juniper | screenos | 6.3.0r2 | |
juniper | screenos | 6.3.0r21 | |
juniper | screenos | 6.3.0r22 | |
juniper | screenos | 6.3.0r23 | |
juniper | screenos | 6.3.0r23b | |
juniper | screenos | 6.3.0r3 | |
juniper | screenos | 6.3.0r4 | |
juniper | screenos | 6.3.0r5 | |
juniper | screenos | 6.3.0r6 | |
juniper | screenos | 6.3.0r7 | |
juniper | screenos | 6.3.0r8 | |
juniper | screenos | 6.3.0r9 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D2F484AD-901C-4D4E-81D0-41C177A73246", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r1:*:*:*:*:*:*", "matchCriteriaId": "41DE622D-529B-4D89-BAE2-1AFA64C21930", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r10:*:*:*:*:*:*", "matchCriteriaId": "85E96339-7B15-425C-93BF-A6C3909BC514", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r11:*:*:*:*:*:*", "matchCriteriaId": "68BF865C-C264-40B9-ADE2-0E4E2F389533", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r12:*:*:*:*:*:*", "matchCriteriaId": "AA1E16DB-CC63-4C17-97F1-7E96C00D4F0B", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r13:*:*:*:*:*:*", "matchCriteriaId": "C31D61E2-7DD7-4BE0-A6B2-05F609248C75", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r14:*:*:*:*:*:*", "matchCriteriaId": "443A7726-36FD-4F15-A0E4-FD6CBE7E4EEE", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r15:*:*:*:*:*:*", "matchCriteriaId": "0A45A2F9-F33F-429B-A66D-B2BCBA7B8836", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r16:*:*:*:*:*:*", "matchCriteriaId": "B6923ED1-A07D-46FD-BB81-ECA920E13840", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r17:*:*:*:*:*:*", "matchCriteriaId": "9323A380-A99C-4B35-B379-51A57CF17678", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r18:*:*:*:*:*:*", "matchCriteriaId": "5B6F2143-1B00-4F3D-9454-24A80D9C88FB", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r19:*:*:*:*:*:*", "matchCriteriaId": "29AF89BB-010B-4E95-8E80-69749BDF4211", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r2:*:*:*:*:*:*", "matchCriteriaId": "DC0181A3-AD21-403B-B583-3AB729E57A1B", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:juniper:screenos:6.3.0:r21:*:*:*:*:*:*", "matchCriteriaId": "FC170FC3-A579-4EF4-8120-C5DEDC939D80", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r22:*:*:*:*:*:*", "matchCriteriaId": "1B9FC3EB-4B5A-4036-BECE-2F170033F1EB", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r23:*:*:*:*:*:*", "matchCriteriaId": "184A1C40-2A96-4662-BE43-E02AA9D5AFA6", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r23b:*:*:*:*:*:*", "matchCriteriaId": "BAA53A17-46E0-4CAD-9F19-3949A2B9D08A", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r3:*:*:*:*:*:*", "matchCriteriaId": "B3D68DB5-4F2F-4C31-9329-7AD74F7C5F30", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r4:*:*:*:*:*:*", "matchCriteriaId": "6F9D4824-4734-4BAF-84B0-A57692DC339D", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r5:*:*:*:*:*:*", "matchCriteriaId": "9B6A64A3-8273-4BD4-839E-EA0AF6DAEF20", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r6:*:*:*:*:*:*", "matchCriteriaId": "7FCF8354-8178-4A34-ACC6-E513A74CC7D4", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r7:*:*:*:*:*:*", "matchCriteriaId": "22AC6768-B3B4-46BC-AD8D-2AC9ED16F7C3", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r8:*:*:*:*:*:*", "matchCriteriaId": "A52F0C7A-E2EA-48DB-B22C-1E62CE768AD1", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r9:*:*:*:*:*:*", "matchCriteriaId": "1F63C5B5-C813-4456-8D1B-B3CF50DA15CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the \u0027security\u0027 role to inject HTML/JavaScript content into the management session of other users including the administrator. 
This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue." }, { "lang": "es", "value": "Una vulnerabilidad de tipo cross-site-scripting (XSS) persistente en la WebUI de NetScreen de Juniper Networks Juniper NetScreen Firewall+VPN ejecut\u00e1ndose en ScreenOS, permite a un usuario con el rol \u201csecurity\u201d inyectar contenido HTML/JavaScript en la sesi\u00f3n de administraci\u00f3n de otros usuarios, incluyendo el administrador. Esto permite al usuario con pocos privilegios ejecutar comandos de manera eficaz con los permisos de un administrador. Este problema afecta a Juniper Networks ScreenOS versi\u00f3n 6.3.0 anteriores a 6.3.0r24 en la serie SSG. Ning\u00fan otro producto o plataforma de Juniper Networks est\u00e1 afectada por este problema." } ], "id": "CVE-2017-2337", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", 
"version": "3.0" }, "exploitabilityScore": 1.7, "impactScore": 6.0, "source": "sirt@juniper.net", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-17T13:18:24.030", "references": [ { "source": "sirt@juniper.net", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99590" }, { "source": "sirt@juniper.net", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038881" }, { "source": "sirt@juniper.net", "tags": [ "Vendor Advisory" ], "url": "https://kb.juniper.net/JSA10782" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99590" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038881" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://kb.juniper.net/JSA10782" } ], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-01-08 19:59
Modified
2025-04-12 10:46
Severity ?
Summary
Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:juniper:screenos:*:r20:*:*:*:*:*:*", "matchCriteriaId": "18CD28D9-02DA-4BDE-8CCE-F11D631696A0", "versionEndIncluding": "6.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation." }, { "lang": "es", "value": "Juniper ScreenOS en versiones anteriores a 6.3.0r21, cuando ssh-pka est\u00e1 configurado y habilitado, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de sistema) o ejecutar c\u00f3digo arbitrario a trav\u00e9s de una negociaci\u00f3n SSH manipulada." } ], "id": "CVE-2015-7754", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-01-08T19:59:08.177", "references": 
[ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10712" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/79627" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1034490" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10712" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/79627" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034490" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-06-13 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
Unspecified vulnerability in the Juniper Networks NetScreen Firewall products with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via vectors related to a DNS lookup.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:juniper:screenos:*:*:*:*:*:*:*:*", "matchCriteriaId": "8ECC9C27-3EB0-499C-918C-2D0486CFC432", "versionEndIncluding": "6.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E667CDEA-4C5E-4AE8-BAC6-D0E18DA5F304", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FFA9D7A2-2621-4741-A20F-CEF4C5764709", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "452D480D-92EC-4491-B669-CCB9106B246B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:juniper:netscreen-5200:-:*:*:*:*:*:*:*", "matchCriteriaId": "A658500D-84C8-4F33-9AD3-2DF76DC41459", "vulnerable": true }, { "criteria": "cpe:2.3:h:juniper:netscreen-5400:-:*:*:*:*:*:*:*", "matchCriteriaId": "3F2B4E7A-30F3-488E-A685-7CBF998C7E9F", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the Juniper Networks NetScreen Firewall products with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via vectors related to a DNS lookup." }, { "lang": "es", "value": "Vulnerabilidad no especificada en los productos de Juniper Networks NetScreen Firewall con ScreenOS anterior a 6.3r17, cuando est\u00e1 configurado para utilizar el cliente de b\u00fasqueda DNS interno, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda y reinicio) a trav\u00e9s de vectores relacionados con una b\u00fasqueda DNS." 
} ], "id": "CVE-2014-3813", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-06-13T14:55:16.103", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10631" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/59026" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10631" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59026" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-12-19 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 allows remote attackers to obtain administrative access by entering an unspecified password during a (1) SSH or (2) TELNET session.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r17:*:*:*:*:*:*", "matchCriteriaId": "9323A380-A99C-4B35-B379-51A57CF17678", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r18:*:*:*:*:*:*", "matchCriteriaId": "5B6F2143-1B00-4F3D-9454-24A80D9C88FB", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r19:*:*:*:*:*:*", "matchCriteriaId": "29AF89BB-010B-4E95-8E80-69749BDF4211", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r20:*:*:*:*:*:*", "matchCriteriaId": "1D1377D2-A31B-4081-890F-8955D86E50C1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 allows remote attackers to obtain administrative access by entering an unspecified password during a (1) SSH or (2) TELNET session." }, { "lang": "es", "value": "Juniper ScreenOS 6.2.0r15 hasta la versi\u00f3n 6.2.0r18, 6.3.0r12 en versiones anteriores a 6.3.0r12b, 6.3.0r13 en versiones anteriores a 6.3.0r13b, 6.3.0r14 en versiones anteriores a 6.3.0r14b, 6.3.0r15 en versiones anteriores a 6.3.0r15b, 6.3.0r16 en versiones anteriores a 6.3.0r16b, 6.3.0r17 en versiones anteriores a 6.3.0r17b, 6.3.0r18 en versiones anteriores a 6.3.0r18b, 6.3.0r19 en versiones anteriores a 6.3.0r19b y 6.3.0r20 en versiones anteriores a 6.3.0r21 permite a atacantes remotos obtener acceso administrativo entrando una contrase\u00f1a no especificada durante una sesi\u00f3n (1) SSH o (2) TELNET." 
} ], "id": "CVE-2015-7755", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-12-19T14:59:01.453", "references": [ { "source": "cve@mitre.org", "url": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713" }, { "source": "cve@mitre.org", "url": "http://twitter.com/cryptoron/statuses/677900647560253442" }, { "source": "cve@mitre.org", "url": "http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/" }, { "source": "cve@mitre.org", "url": "http://www.kb.cert.org/vuls/id/640184" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/79626" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1034489" }, { "source": "cve@mitre.org", "url": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/" }, { "source": "cve@mitre.org", "url": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper/" }, { "source": "cve@mitre.org", "url": "https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554" }, { "source": "cve@mitre.org", "url": 
"https://github.com/hdm/juniper-cve-2015-7755" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://twitter.com/cryptoron/statuses/677900647560253442" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.kb.cert.org/vuls/id/640184" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/79626" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034489" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/hdm/juniper-cve-2015-7755" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2025-04-20 01:37
Severity ?
9.6 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the attacker to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.
References
Source | URL | Tags | |
---|---|---|---|
sirt@juniper.net | http://www.securityfocus.com/bid/99590 | Third Party Advisory, VDB Entry | |
sirt@juniper.net | http://www.securitytracker.com/id/1038881 | Third Party Advisory, VDB Entry | |
sirt@juniper.net | https://kb.juniper.net/JSA10782 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99590 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038881 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10782 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
juniper | screenos | 6.3.0 | |
juniper | screenos | 6.3.0r1 | |
juniper | screenos | 6.3.0r10 | |
juniper | screenos | 6.3.0r11 | |
juniper | screenos | 6.3.0r12 | |
juniper | screenos | 6.3.0r13 | |
juniper | screenos | 6.3.0r14 | |
juniper | screenos | 6.3.0r15 | |
juniper | screenos | 6.3.0r16 | |
juniper | screenos | 6.3.0r17 | |
juniper | screenos | 6.3.0r18 | |
juniper | screenos | 6.3.0r19 | |
juniper | screenos | 6.3.0r2 | |
juniper | screenos | 6.3.0r21 | |
juniper | screenos | 6.3.0r22 | |
juniper | screenos | 6.3.0r23 | |
juniper | screenos | 6.3.0r23b | |
juniper | screenos | 6.3.0r3 | |
juniper | screenos | 6.3.0r4 | |
juniper | screenos | 6.3.0r5 | |
juniper | screenos | 6.3.0r6 | |
juniper | screenos | 6.3.0r7 | |
juniper | screenos | 6.3.0r8 | |
juniper | screenos | 6.3.0r9 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D2F484AD-901C-4D4E-81D0-41C177A73246", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r1:*:*:*:*:*:*", "matchCriteriaId": "41DE622D-529B-4D89-BAE2-1AFA64C21930", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r10:*:*:*:*:*:*", "matchCriteriaId": "85E96339-7B15-425C-93BF-A6C3909BC514", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r11:*:*:*:*:*:*", "matchCriteriaId": "68BF865C-C264-40B9-ADE2-0E4E2F389533", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r12:*:*:*:*:*:*", "matchCriteriaId": "AA1E16DB-CC63-4C17-97F1-7E96C00D4F0B", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r13:*:*:*:*:*:*", "matchCriteriaId": "C31D61E2-7DD7-4BE0-A6B2-05F609248C75", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r14:*:*:*:*:*:*", "matchCriteriaId": "443A7726-36FD-4F15-A0E4-FD6CBE7E4EEE", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r15:*:*:*:*:*:*", "matchCriteriaId": "0A45A2F9-F33F-429B-A66D-B2BCBA7B8836", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r16:*:*:*:*:*:*", "matchCriteriaId": "B6923ED1-A07D-46FD-BB81-ECA920E13840", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r17:*:*:*:*:*:*", "matchCriteriaId": "9323A380-A99C-4B35-B379-51A57CF17678", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r18:*:*:*:*:*:*", "matchCriteriaId": "5B6F2143-1B00-4F3D-9454-24A80D9C88FB", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r19:*:*:*:*:*:*", "matchCriteriaId": "29AF89BB-010B-4E95-8E80-69749BDF4211", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r2:*:*:*:*:*:*", "matchCriteriaId": "DC0181A3-AD21-403B-B583-3AB729E57A1B", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:juniper:screenos:6.3.0:r21:*:*:*:*:*:*", "matchCriteriaId": "FC170FC3-A579-4EF4-8120-C5DEDC939D80", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r22:*:*:*:*:*:*", "matchCriteriaId": "1B9FC3EB-4B5A-4036-BECE-2F170033F1EB", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r23:*:*:*:*:*:*", "matchCriteriaId": "184A1C40-2A96-4662-BE43-E02AA9D5AFA6", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r23b:*:*:*:*:*:*", "matchCriteriaId": "BAA53A17-46E0-4CAD-9F19-3949A2B9D08A", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r3:*:*:*:*:*:*", "matchCriteriaId": "B3D68DB5-4F2F-4C31-9329-7AD74F7C5F30", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r4:*:*:*:*:*:*", "matchCriteriaId": "6F9D4824-4734-4BAF-84B0-A57692DC339D", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r5:*:*:*:*:*:*", "matchCriteriaId": "9B6A64A3-8273-4BD4-839E-EA0AF6DAEF20", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r6:*:*:*:*:*:*", "matchCriteriaId": "7FCF8354-8178-4A34-ACC6-E513A74CC7D4", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r7:*:*:*:*:*:*", "matchCriteriaId": "22AC6768-B3B4-46BC-AD8D-2AC9ED16F7C3", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r8:*:*:*:*:*:*", "matchCriteriaId": "A52F0C7A-E2EA-48DB-B22C-1E62CE768AD1", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r9:*:*:*:*:*:*", "matchCriteriaId": "1F63C5B5-C813-4456-8D1B-B3CF50DA15CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content into the management session of other users including the administrator. 
This enables the attacker to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue." }, { "lang": "es", "value": "Una vulnerabilidad de tipo cross-site-scripting (XSS) reflejado en la WebUI de NetScreen de Juniper Networks Juniper NetScreen Firewall+VPN ejecut\u00e1ndose en ScreenOS, permite a un atacante sobre la red inyectar contenido HTML/JavaScript hacia la sesi\u00f3n de administraci\u00f3n de otros usuarios, incluyendo el Administrador. Esto permite al atacante ejecutar comandos de manera eficaz con los permisos de un administrador. Este problema afecta a Juniper Networks ScreenOS versi\u00f3n 6.3.0 anteriores a 6.3.0r24 en la serie SSG. Ning\u00fan otro producto o plataforma de Juniper Networks est\u00e1 afectada por este problema." } ], "id": "CVE-2017-2336", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, 
"impactScore": 6.0, "source": "sirt@juniper.net", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-17T13:18:23.987", "references": [ { "source": "sirt@juniper.net", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99590" }, { "source": "sirt@juniper.net", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038881" }, { "source": "sirt@juniper.net", "tags": [ "Vendor Advisory" ], "url": "https://kb.juniper.net/JSA10782" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99590" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038881" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://kb.juniper.net/JSA10782" } ], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2025-04-20 01:37
Severity
8.4 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.
References
Source | URL | Tags | |
---|---|---|---|
sirt@juniper.net | http://www.securityfocus.com/bid/99590 | Third Party Advisory, VDB Entry | |
sirt@juniper.net | http://www.securitytracker.com/id/1038881 | Third Party Advisory, VDB Entry | |
sirt@juniper.net | https://kb.juniper.net/JSA10782 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99590 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038881 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA10782 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
juniper | screenos | 6.3.0 | |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D2F484AD-901C-4D4E-81D0-41C177A73246", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r1:*:*:*:*:*:*", "matchCriteriaId": "41DE622D-529B-4D89-BAE2-1AFA64C21930", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r10:*:*:*:*:*:*", "matchCriteriaId": "85E96339-7B15-425C-93BF-A6C3909BC514", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r11:*:*:*:*:*:*", "matchCriteriaId": "68BF865C-C264-40B9-ADE2-0E4E2F389533", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r12:*:*:*:*:*:*", "matchCriteriaId": "AA1E16DB-CC63-4C17-97F1-7E96C00D4F0B", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r13:*:*:*:*:*:*", "matchCriteriaId": "C31D61E2-7DD7-4BE0-A6B2-05F609248C75", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r14:*:*:*:*:*:*", "matchCriteriaId": "443A7726-36FD-4F15-A0E4-FD6CBE7E4EEE", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r15:*:*:*:*:*:*", "matchCriteriaId": "0A45A2F9-F33F-429B-A66D-B2BCBA7B8836", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r16:*:*:*:*:*:*", "matchCriteriaId": "B6923ED1-A07D-46FD-BB81-ECA920E13840", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r17:*:*:*:*:*:*", "matchCriteriaId": "9323A380-A99C-4B35-B379-51A57CF17678", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r18:*:*:*:*:*:*", "matchCriteriaId": "5B6F2143-1B00-4F3D-9454-24A80D9C88FB", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r19:*:*:*:*:*:*", "matchCriteriaId": "29AF89BB-010B-4E95-8E80-69749BDF4211", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r2:*:*:*:*:*:*", "matchCriteriaId": "DC0181A3-AD21-403B-B583-3AB729E57A1B", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:juniper:screenos:6.3.0:r21:*:*:*:*:*:*", "matchCriteriaId": "FC170FC3-A579-4EF4-8120-C5DEDC939D80", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r22:*:*:*:*:*:*", "matchCriteriaId": "1B9FC3EB-4B5A-4036-BECE-2F170033F1EB", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r23:*:*:*:*:*:*", "matchCriteriaId": "184A1C40-2A96-4662-BE43-E02AA9D5AFA6", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r23b:*:*:*:*:*:*", "matchCriteriaId": "BAA53A17-46E0-4CAD-9F19-3949A2B9D08A", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r3:*:*:*:*:*:*", "matchCriteriaId": "B3D68DB5-4F2F-4C31-9329-7AD74F7C5F30", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r4:*:*:*:*:*:*", "matchCriteriaId": "6F9D4824-4734-4BAF-84B0-A57692DC339D", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r5:*:*:*:*:*:*", "matchCriteriaId": "9B6A64A3-8273-4BD4-839E-EA0AF6DAEF20", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r6:*:*:*:*:*:*", "matchCriteriaId": "7FCF8354-8178-4A34-ACC6-E513A74CC7D4", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r7:*:*:*:*:*:*", "matchCriteriaId": "22AC6768-B3B4-46BC-AD8D-2AC9ED16F7C3", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r8:*:*:*:*:*:*", "matchCriteriaId": "A52F0C7A-E2EA-48DB-B22C-1E62CE768AD1", "vulnerable": true }, { "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r9:*:*:*:*:*:*", "matchCriteriaId": "1F63C5B5-C813-4456-8D1B-B3CF50DA15CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the \u0027security\u0027 role to inject HTML/JavaScript content into the management session of other users including the administrator. 
This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue." }, { "lang": "es", "value": "Una vulnerabilidad de tipo cross-site-scripting (XSS) persistente en la WebUI de NetScreen de Juniper Networks Juniper NetScreen Firewall+VPN ejecut\u00e1ndose en ScreenOS, permite a un usuario con el rol \u201csecurity\u201d inyectar contenido HTML/JavaScript en la sesi\u00f3n de administraci\u00f3n de otros usuarios, incluyendo el administrador. Esto permite al usuario con pocos privilegios ejecutar comandos de manera eficaz con los permisos de un administrador. Este problema afecta a Juniper Networks ScreenOS versi\u00f3n 6.3.0 anteriores a 6.3.0r24 en la serie SSG. Ning\u00fan otro producto o plataforma de Juniper Networks est\u00e1 afectada por este problema." } ], "id": "CVE-2017-2339", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", 
"version": "3.0" }, "exploitabilityScore": 1.7, "impactScore": 6.0, "source": "sirt@juniper.net", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-17T13:18:24.127", "references": [ { "source": "sirt@juniper.net", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99590" }, { "source": "sirt@juniper.net", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038881" }, { "source": "sirt@juniper.net", "tags": [ "Vendor Advisory" ], "url": "https://kb.juniper.net/JSA10782" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99590" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038881" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://kb.juniper.net/JSA10782" } ], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2016-1268 (GCVE-0-2016-1268)
Vulnerability from cvelistv5
Published
2016-04-15 14:00
Modified
2024-08-05 22:48
CWE
- n/a
Summary
The administrative web services interface in Juniper ScreenOS before 6.3.0r21 allows remote attackers to cause a denial of service (reboot) via a crafted SSL packet.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:48:13.666Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10732" }, { "name": "1035666", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035666" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-04-13T00:00:00", "descriptions": [ { "lang": "en", "value": "The administrative web services interface in Juniper ScreenOS before 6.3.0r21 allows remote attackers to cause a denial of service (reboot) via a crafted SSL packet." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-30T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10732" }, { "name": "1035666", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035666" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-1268", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The administrative web services interface in Juniper ScreenOS before 6.3.0r21 allows remote attackers to cause a denial of service (reboot) via a crafted SSL packet." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10732", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10732" }, { "name": "1035666", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035666" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-1268", "datePublished": "2016-04-15T14:00:00", "dateReserved": "2015-12-30T00:00:00", "dateUpdated": "2024-08-05T22:48:13.666Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-2842 (GCVE-0-2014-2842)
Vulnerability from cvelistv5
Published
2014-04-15 14:00
Modified
2024-08-06 10:28
CWE
- n/a
Summary
Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a denial of service (crash and restart or failover) via a malformed SSL/TLS packet.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:28:46.222Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#480428", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/480428" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10624" }, { "name": "66802", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/66802" }, { "name": "57910", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57910" }, { "name": "1030564", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1030564" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a denial of service (crash and restart or failover) via a malformed SSL/TLS packet." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-07-16T19:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "VU#480428", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/480428" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10624" }, { "name": "66802", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/66802" }, { "name": "57910", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57910" }, { "name": "1030564", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1030564" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2842", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a denial of service (crash and restart or failover) via a malformed SSL/TLS packet." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "VU#480428", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/480428" }, { "name": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10624", "refsource": "CONFIRM", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10624" }, { "name": "66802", "refsource": "BID", "url": "http://www.securityfocus.com/bid/66802" }, { "name": "57910", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57910" }, { "name": "1030564", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030564" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2842", "datePublished": "2014-04-15T14:00:00", "dateReserved": "2014-04-10T00:00:00", "dateUpdated": "2024-08-06T10:28:46.222Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-7313 (GCVE-0-2013-7313)
Vulnerability from cvelistv5
Published
2014-01-23 17:00
Modified
2024-09-16 17:24
CWE
- n/a
Summary
The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:01:20.401Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/BLUU-97KQ26" }, { "name": "VU#229804", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/229804" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-01-23T17:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kb.cert.org/vuls/id/BLUU-97KQ26" }, { "name": "VU#229804", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/229804" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7313", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.kb.cert.org/vuls/id/BLUU-97KQ26", "refsource": "CONFIRM", "url": "http://www.kb.cert.org/vuls/id/BLUU-97KQ26" }, { "name": "VU#229804", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/229804" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7313", "datePublished": "2014-01-23T17:00:00Z", "dateReserved": "2014-01-23T00:00:00Z", "dateUpdated": "2024-09-16T17:24:00.639Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-2338 (GCVE-0-2017-2338)
Vulnerability from cvelistv5
Published
2017-07-14 14:00
Modified
2024-09-16 23:41
CWE
- persistent cross site scripting vulnerability
Summary
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.
Impacted products
Vendor | Product | Version |
---|---|---|
Juniper Networks | ScreenOS | 6.3.0 prior to 6.3.0r24 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:48:05.228Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.juniper.net/JSA10782" }, { "name": "1038881", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038881" }, { "name": "99590", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99590" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "SSG Series" ], "product": "ScreenOS", "vendor": "Juniper Networks", "versions": [ { "status": "affected", "version": "6.3.0 prior to 6.3.0r24" } ] } ], "credits": [ { "lang": "en", "value": "Gaku Mochizuki/Toshitsugu Yoneyama from Mitsui Bussan Secure Directions, Inc., for reporting this issue to the JPCERT/CC." }, { "lang": "en", "value": "Craig Young, Principal Security Researcher, Tripwire VERT, for responsibly reporting this vulnerability." } ], "datePublic": "2017-07-12T00:00:00", "descriptions": [ { "lang": "en", "value": "A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the \u0027security\u0027 role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "persistent cross site scripting vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-21T19:57:01", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.juniper.net/JSA10782" }, { "name": "1038881", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038881" }, { "name": "99590", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99590" } ], "title": "ScreenOS: XSS vulnerability in ScreenOS Firewall", "workarounds": [ { "lang": "en", "value": "Use access lists or firewall filters to limit access to the firewall\u0027s WebUI only from trusted hosts." } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2017-07-12T09:00", "ID": "CVE-2017-2338", "STATE": "PUBLIC", "TITLE": "ScreenOS: XSS vulnerability in ScreenOS Firewall" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ScreenOS", "version": { "version_data": [ { "platform": "SSG Series", "version_value": "6.3.0 prior to 6.3.0r24" } ] } } ] }, "vendor_name": "Juniper Networks" } ] } }, "configuration": [], "credit": [ "Gaku Mochizuki/Toshitsugu Yoneyama from Mitsui Bussan Secure Directions, Inc., for reporting this issue to the JPCERT/CC.", "Craig Young, Principal Security Researcher, Tripwire VERT, for responsibly reporting this vulnerability." 
], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the \u0027security\u0027 role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue." } ] }, "exploit": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "persistent cross site scripting vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "https://kb.juniper.net/JSA10782", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA10782" }, { "name": "1038881", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038881" }, { "name": "99590", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99590" } ] }, "solution": "ScreenOS has been updated to add checks to prevent scripts in WebUI strings.\n\nThe following software release has been updated to resolve this specific issue: ScreenOS 6.3.0r24, and all subsequent releases.\n\nThis issue is being tracked as PR 1136628 and is visible on the Customer Support website.\n\nKB16765 - 
\"In which releases are vulnerabilities fixed?\" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.", "work_around": [ { "lang": "en", "value": "Use access lists or firewall filters to limit access to the firewall\u0027s WebUI only from trusted hosts." } ] } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2017-2338", "datePublished": "2017-07-14T14:00:00Z", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-09-16T23:41:11.241Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-7754 (GCVE-0-2015-7754)
Vulnerability from cvelistv5
Published
2016-01-08 19:00
Modified
2024-08-06 07:59
CWE
- n/a
Summary
Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:59:00.598Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "79627", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/79627" }, { "name": "1034490", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034490" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10712" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-01-08T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "79627", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/79627" }, { "name": "1034490", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034490" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10712" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7754", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "79627", "refsource": "BID", "url": "http://www.securityfocus.com/bid/79627" }, { "name": "1034490", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034490" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10712", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10712" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-7754", "datePublished": "2016-01-08T19:00:00", "dateReserved": "2015-10-08T00:00:00", "dateUpdated": "2024-08-06T07:59:00.598Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-2335 (GCVE-0-2017-2335)
Vulnerability from cvelistv5
Published
2017-07-14 14:00
Modified
2024-09-16 20:17
CWE
- persistent cross site scripting vulnerability
Summary
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.
Impacted products
Vendor | Product | Version |
---|---|---|
Juniper Networks | ScreenOS | 6.3.0 prior to 6.3.0r24 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:48:05.392Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.juniper.net/JSA10782" }, { "name": "1038881", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038881" }, { "name": "99590", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99590" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "SSG Series" ], "product": "ScreenOS", "vendor": "Juniper Networks", "versions": [ { "status": "affected", "version": "6.3.0 prior to 6.3.0r24" } ] } ], "credits": [ { "lang": "en", "value": "Gaku Mochizuki/Toshitsugu Yoneyama from Mitsui Bussan Secure Directions, Inc., for reporting this issue to the JPCERT/CC." }, { "lang": "en", "value": "Craig Young, Principal Security Researcher, Tripwire VERT, for responsibly reporting this vulnerability." } ], "datePublic": "2017-07-12T00:00:00", "descriptions": [ { "lang": "en", "value": "A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the \u0027security\u0027 role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "persistent cross site scripting vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-21T19:57:01", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.juniper.net/JSA10782" }, { "name": "1038881", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038881" }, { "name": "99590", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99590" } ], "title": "ScreenOS: XSS vulnerability in ScreenOS Firewall", "workarounds": [ { "lang": "en", "value": "Use access lists or firewall filters to limit access to the firewall\u0027s WebUI only from trusted hosts." } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2017-07-12T09:00", "ID": "CVE-2017-2335", "STATE": "PUBLIC", "TITLE": "ScreenOS: XSS vulnerability in ScreenOS Firewall" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ScreenOS", "version": { "version_data": [ { "platform": "SSG Series", "version_value": "6.3.0 prior to 6.3.0r24" } ] } } ] }, "vendor_name": "Juniper Networks" } ] } }, "configuration": [], "credit": [ "Gaku Mochizuki/Toshitsugu Yoneyama from Mitsui Bussan Secure Directions, Inc., for reporting this issue to the JPCERT/CC.", "Craig Young, Principal Security Researcher, Tripwire VERT, for responsibly reporting this vulnerability." 
], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the \u0027security\u0027 role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue." } ] }, "exploit": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "persistent cross site scripting vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "https://kb.juniper.net/JSA10782", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA10782" }, { "name": "1038881", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038881" }, { "name": "99590", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99590" } ] }, "solution": "ScreenOS has been updated to add checks to prevent scripts in WebUI strings.\n\nThe following software release has been updated to resolve this specific issue: ScreenOS 6.3.0r24, and all subsequent releases.\n\nThis issue is being tracked as PR 1136628 and is visible on the Customer Support website.\n\nKB16765 - 
\"In which releases are vulnerabilities fixed?\" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.", "work_around": [ { "lang": "en", "value": "Use access lists or firewall filters to limit access to the firewall\u0027s WebUI only from trusted hosts." } ] } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2017-2335", "datePublished": "2017-07-14T14:00:00Z", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-09-16T20:17:28.685Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-2339 (GCVE-0-2017-2339)
Vulnerability from cvelistv5
Published
2017-07-14 14:00
Modified
2024-09-16 20:52
CWE
- persistent cross site scripting vulnerability
Summary
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.
Impacted products
Vendor | Product | Version |
---|---|---|
Juniper Networks | ScreenOS | 6.3.0 prior to 6.3.0r24 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:48:05.361Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.juniper.net/JSA10782" }, { "name": "1038881", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038881" }, { "name": "99590", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99590" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "SSG Series" ], "product": "ScreenOS", "vendor": "Juniper Networks", "versions": [ { "status": "affected", "version": "6.3.0 prior to 6.3.0r24" } ] } ], "credits": [ { "lang": "en", "value": "Gaku Mochizuki/Toshitsugu Yoneyama from Mitsui Bussan Secure Directions, Inc., for reporting this issue to the JPCERT/CC." }, { "lang": "en", "value": "Craig Young, Principal Security Researcher, Tripwire VERT, for responsibly reporting this vulnerability." } ], "datePublic": "2017-07-12T00:00:00", "descriptions": [ { "lang": "en", "value": "A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the \u0027security\u0027 role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "persistent cross site scripting vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-21T19:57:01", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.juniper.net/JSA10782" }, { "name": "1038881", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038881" }, { "name": "99590", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99590" } ], "title": "ScreenOS: XSS vulnerability in ScreenOS Firewall", "workarounds": [ { "lang": "en", "value": "Use access lists or firewall filters to limit access to the firewall\u0027s WebUI only from trusted hosts." } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2017-07-12T09:00", "ID": "CVE-2017-2339", "STATE": "PUBLIC", "TITLE": "ScreenOS: XSS vulnerability in ScreenOS Firewall" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ScreenOS", "version": { "version_data": [ { "platform": "SSG Series", "version_value": "6.3.0 prior to 6.3.0r24" } ] } } ] }, "vendor_name": "Juniper Networks" } ] } }, "configuration": [], "credit": [ "Gaku Mochizuki/Toshitsugu Yoneyama from Mitsui Bussan Secure Directions, Inc., for reporting this issue to the JPCERT/CC.", "Craig Young, Principal Security Researcher, Tripwire VERT, for responsibly reporting this vulnerability." 
], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the \u0027security\u0027 role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue." } ] }, "exploit": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "persistent cross site scripting vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "https://kb.juniper.net/JSA10782", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA10782" }, { "name": "1038881", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038881" }, { "name": "99590", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99590" } ] }, "solution": "ScreenOS has been updated to add checks to prevent scripts in WebUI strings.\n\nThe following software release has been updated to resolve this specific issue: ScreenOS 6.3.0r24, and all subsequent releases.\n\nThis issue is being tracked as PR 1136628 and is visible on the Customer Support website.\n\nKB16765 - 
\"In which releases are vulnerabilities fixed?\" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.", "work_around": [ { "lang": "en", "value": "Use access lists or firewall filters to limit access to the firewall\u0027s WebUI only from trusted hosts." } ] } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2017-2339", "datePublished": "2017-07-14T14:00:00Z", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-09-16T20:52:25.134Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-2336 (GCVE-0-2017-2336)
Vulnerability from cvelistv5
Published
2017-07-14 14:00
Modified
2024-09-16 17:38
CWE
- reflected cross site scripting vulnerability
Summary
A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the attacker to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.
Impacted products
Vendor | Product | Version |
---|---|---|
Juniper Networks | ScreenOS | 6.3.0 prior to 6.3.0r24 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:48:05.282Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.juniper.net/JSA10782" }, { "name": "1038881", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038881" }, { "name": "99590", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99590" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "SSG Series" ], "product": "ScreenOS", "vendor": "Juniper Networks", "versions": [ { "status": "affected", "version": "6.3.0 prior to 6.3.0r24" } ] } ], "credits": [ { "lang": "en", "value": "Gaku Mochizuki/Toshitsugu Yoneyama from Mitsui Bussan Secure Directions, Inc., for reporting this issue to the JPCERT/CC." }, { "lang": "en", "value": "Craig Young, Principal Security Researcher, Tripwire VERT, for responsibly reporting this vulnerability." } ], "datePublic": "2017-07-12T00:00:00", "descriptions": [ { "lang": "en", "value": "A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the attacker to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "reflected cross site scripting vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-21T19:57:01", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.juniper.net/JSA10782" }, { "name": "1038881", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038881" }, { "name": "99590", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99590" } ], "title": "ScreenOS: XSS vulnerability in ScreenOS Firewall", "workarounds": [ { "lang": "en", "value": "Use access lists or firewall filters to limit access to the firewall\u0027s WebUI only from trusted hosts." } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2017-07-12T09:00", "ID": "CVE-2017-2336", "STATE": "PUBLIC", "TITLE": "ScreenOS: XSS vulnerability in ScreenOS Firewall" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ScreenOS", "version": { "version_data": [ { "platform": "SSG Series", "version_value": "6.3.0 prior to 6.3.0r24" } ] } } ] }, "vendor_name": "Juniper Networks" } ] } }, "configuration": [], "credit": [ "Gaku Mochizuki/Toshitsugu Yoneyama from Mitsui Bussan Secure Directions, Inc., for reporting this issue to the JPCERT/CC.", "Craig Young, Principal Security Researcher, Tripwire VERT, for responsibly reporting this vulnerability." 
], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the attacker to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue." } ] }, "exploit": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "reflected cross site scripting vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "https://kb.juniper.net/JSA10782", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA10782" }, { "name": "1038881", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038881" }, { "name": "99590", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99590" } ] }, "solution": "ScreenOS has been updated to add checks to prevent scripts in WebUI strings.\n\nThe following software release has been updated to resolve this specific issue: ScreenOS 6.3.0r24, and all subsequent releases.\n\nThis issue is being tracked as PR 1136628 and is visible on the Customer Support website.\n\nKB16765 - \"In which releases are 
vulnerabilities fixed?\" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.", "work_around": [ { "lang": "en", "value": "Use access lists or firewall filters to limit access to the firewall\u0027s WebUI only from trusted hosts." } ] } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2017-2336", "datePublished": "2017-07-14T14:00:00Z", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-09-16T17:38:40.445Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-7756 (GCVE-0-2015-7756)
Vulnerability from cvelistv5
Published
2015-12-19 11:00
Modified
2024-08-06 07:58
CWE
- n/a
Summary
The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 makes it easier for remote attackers to discover the plaintext content of VPN sessions by sniffing the network for ciphertext data and conducting an unspecified decryption attack.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:58:59.847Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/" }, { "name": "1034489", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034489" }, { "name": "VU#640184", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/640184" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/hdm/juniper-cve-2015-7755" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-12-17T00:00:00", "descriptions": [ { "lang": "en", "value": "The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 
6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 makes it easier for remote attackers to discover the plaintext content of VPN sessions by sniffing the network for ciphertext data and conducting an unspecified decryption attack." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-05T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/" }, { "name": "1034489", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034489" }, { "name": "VU#640184", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/640184" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/hdm/juniper-cve-2015-7755" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713" }, { "tags": [ "x_refsource_MISC" ], "url": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7756", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": 
{ "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 makes it easier for remote attackers to discover the plaintext content of VPN sessions by sniffing the network for ciphertext data and conducting an unspecified decryption attack." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/", "refsource": "MISC", "url": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/" }, { "name": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/", "refsource": "MISC", "url": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/" }, { "name": "1034489", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034489" }, { "name": "VU#640184", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/640184" }, { "name": "https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554", "refsource": "CONFIRM", "url": "https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554" }, { "name": "https://github.com/hdm/juniper-cve-2015-7755", "refsource": "MISC", "url": "https://github.com/hdm/juniper-cve-2015-7755" }, { "name": 
"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713" }, { "name": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper/", "refsource": "MISC", "url": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper/" }, { "name": "http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/", "refsource": "MISC", "url": "http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-7756", "datePublished": "2015-12-19T11:00:00", "dateReserved": "2015-10-08T00:00:00", "dateUpdated": "2024-08-06T07:58:59.847Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-3813 (GCVE-0-2014-3813)
Vulnerability from cvelistv5
Published
2014-06-13 14:00
Modified
2024-08-06 10:57
CWE
- n/a
Summary
Unspecified vulnerability in the Juniper Networks NetScreen Firewall products with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via vectors related to a DNS lookup.
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:57:17.034Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10631" }, { "name": "59026", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59026" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-06-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the Juniper Networks NetScreen Firewall products with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via vectors related to a DNS lookup." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-06-20T12:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10631" }, { "name": "59026", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59026" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3813", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the Juniper Networks NetScreen Firewall products 
with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via vectors related to a DNS lookup." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10631", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10631" }, { "name": "59026", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59026" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3813", "datePublished": "2014-06-13T14:00:00", "dateReserved": "2014-05-21T00:00:00", "dateUpdated": "2024-08-06T10:57:17.034Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-7750 (GCVE-0-2015-7750)
Vulnerability from cvelistv5
Published
2015-10-19 18:00
Modified
2024-08-06 07:58
CWE
- n/a
Summary
The L2TP packet processing functionality in Juniper Netscreen and ScreenOS Firewall products with ScreenOS before 6.3.0r13-dnd1, 6.3.0r14 through 6.3.0r18 before 6.3.0r18-dnc1, and 6.3.0r19 allows remote attackers to cause a denial of service via a crafted L2TP packet.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:58:59.850Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1033832", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1033832" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10704" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-10-14T00:00:00", "descriptions": [ { "lang": "en", "value": "The L2TP packet processing functionality in Juniper Netscreen and ScreenOS Firewall products with ScreenOS before 6.3.0r13-dnd1, 6.3.0r14 through 6.3.0r18 before 6.3.0r18-dnc1, and 6.3.0r19 allows remote attackers to cause a denial of service via a crafted L2TP packet." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-06T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1033832", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1033832" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10704" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7750", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The L2TP packet processing functionality in Juniper Netscreen and ScreenOS 
Firewall products with ScreenOS before 6.3.0r13-dnd1, 6.3.0r14 through 6.3.0r18 before 6.3.0r18-dnc1, and 6.3.0r19 allows remote attackers to cause a denial of service via a crafted L2TP packet." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1033832", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033832" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10704", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10704" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-7750", "datePublished": "2015-10-19T18:00:00", "dateReserved": "2015-10-08T00:00:00", "dateUpdated": "2024-08-06T07:58:59.850Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-0014 (GCVE-0-2018-0014)
Vulnerability from cvelistv5
Published
2018-01-10 22:00
Modified
2024-09-16 16:37
CWE
- information leak
Summary
Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is often detected as CVE-2003-0001. The issue affects all versions of Juniper Networks ScreenOS prior to 6.3.0r25.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Juniper Networks | ScreenOS | all < 6.3.0r25 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:14:16.682Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.juniper.net/JSA10841" }, { "name": "1040185", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040185" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ScreenOS", "vendor": "Juniper Networks", "versions": [ { "lessThan": "6.3.0r25", "status": "affected", "version": "all", "versionType": "custom" } ] } ], "datePublic": "2018-01-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is often detected as CVE-2003-0001. The issue affects all versions of Juniper Networks ScreenOS prior to 6.3.0r25." } ], "exploits": [ { "lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "information leak", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-16T10:57:01", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.juniper.net/JSA10841" }, { "name": "1040185", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040185" } ], "solutions": [ { "lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 6.3.0r25 and all subsequent releases." } ], "source": { "advisory": "JSA10841", "defect": [ "1281648" ], "discovery": "EXTERNAL" }, "title": "ScreenOS: Etherleak vulnerability found on ScreenOS device", "workarounds": [ { "lang": "en", "value": "There are no viable workarounds for this issue." 
} ], "x_legacyV4Record": { "CVE_data_meta": { "AKA": "Etherleak", "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2018-01-10T17:00:00.000Z", "ID": "CVE-2018-0014", "STATE": "PUBLIC", "TITLE": "ScreenOS: Etherleak vulnerability found on ScreenOS device" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ScreenOS", "version": { "version_data": [ { "affected": "\u003c", "version_affected": "\u003c", "version_name": "all", "version_value": "6.3.0r25" } ] } } ] }, "vendor_name": "Juniper Networks" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is often detected as CVE-2003-0001. The issue affects all versions of Juniper Networks ScreenOS prior to 6.3.0r25." } ] }, "exploit": [ { "lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." 
} ], "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "information leak" } ] } ] }, "references": { "reference_data": [ { "name": "https://kb.juniper.net/JSA10841", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA10841" }, { "name": "1040185", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040185" } ] }, "solution": [ { "lang": "en", "value": "The following software releases have been updated to resolve this specific issue: 6.3.0r25 and all subsequent releases." } ], "source": { "advisory": "JSA10841", "defect": [ "1281648" ], "discovery": "EXTERNAL" }, "work_around": [ { "lang": "en", "value": "There are no viable workarounds for this issue." } ] } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2018-0014", "datePublished": "2018-01-10T22:00:00Z", "dateReserved": "2017-11-16T00:00:00", "dateUpdated": "2024-09-16T16:37:27.824Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-3814 (GCVE-0-2014-3814)
Vulnerability from cvelistv5
Published
2014-06-13 14:00
Modified
2024-08-06 10:57
CWE
- n/a
Summary
The Juniper Networks NetScreen Firewall devices with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via a sequence of malformed packets to the device IP.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:57:17.549Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10632" }, { "name": "59026", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59026" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-06-11T00:00:00", "descriptions": [ { "lang": "en", "value": "The Juniper Networks NetScreen Firewall devices with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via a sequence of malformed packets to the device IP." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-06-20T12:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10632" }, { "name": "59026", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59026" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3814", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Juniper Networks NetScreen Firewall devices with ScreenOS before 6.3r17, when 
configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via a sequence of malformed packets to the device IP." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10632", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10632" }, { "name": "59026", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59026" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3814", "datePublished": "2014-06-13T14:00:00", "dateReserved": "2014-05-21T00:00:00", "dateUpdated": "2024-08-06T10:57:17.549Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-7755 (GCVE-0-2015-7755)
Vulnerability from cvelistv5
Published
2015-12-19 11:00
Modified
2024-08-06 07:58
CWE
- n/a
Summary
Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 allows remote attackers to obtain administrative access by entering an unspecified password during a (1) SSH or (2) TELNET session.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:58:59.950Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/" }, { "name": "1034489", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034489" }, { "name": "VU#640184", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/640184" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/hdm/juniper-cve-2015-7755" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://twitter.com/cryptoron/statuses/677900647560253442" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/" }, { "name": "79626", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/79626" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": 
"2015-12-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 allows remote attackers to obtain administrative access by entering an unspecified password during a (1) SSH or (2) TELNET session." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-05T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/" }, { "name": "1034489", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034489" }, { "name": "VU#640184", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/640184" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/hdm/juniper-cve-2015-7755" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713" }, { "tags": [ "x_refsource_MISC" ], "url": "http://twitter.com/cryptoron/statuses/677900647560253442" }, { "tags": [ "x_refsource_MISC" ], "url": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper/" }, { "tags": [ "x_refsource_MISC" ], "url": 
"http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/" }, { "name": "79626", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/79626" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7755", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 allows remote attackers to obtain administrative access by entering an unspecified password during a (1) SSH or (2) TELNET session." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/", "refsource": "MISC", "url": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/" }, { "name": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/", "refsource": "MISC", "url": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/" }, { "name": "1034489", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034489" }, { "name": "VU#640184", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/640184" }, { "name": "https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554", "refsource": "CONFIRM", "url": "https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554" }, { "name": "https://github.com/hdm/juniper-cve-2015-7755", "refsource": "MISC", "url": "https://github.com/hdm/juniper-cve-2015-7755" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713" }, { "name": "http://twitter.com/cryptoron/statuses/677900647560253442", "refsource": "MISC", "url": "http://twitter.com/cryptoron/statuses/677900647560253442" }, { "name": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper/", "refsource": "MISC", "url": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper/" }, { "name": "http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/", "refsource": "MISC", "url": 
"http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/" }, { "name": "79626", "refsource": "BID", "url": "http://www.securityfocus.com/bid/79626" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-7755", "datePublished": "2015-12-19T11:00:00", "dateReserved": "2015-10-08T00:00:00", "dateUpdated": "2024-08-06T07:58:59.950Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-6958 (GCVE-0-2013-6958)
Vulnerability from cvelistv5
Published
2013-12-13 18:00
Modified
2024-08-06 17:53
CWE
- n/a
Summary
Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:53:45.446Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVNDB-2013-000119", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000119.html" }, { "name": "100861", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/100861" }, { "name": "1029490", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1029490" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.juniper.net/JSA10604" }, { "name": "JVN#28436508", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN28436508/index.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-12-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-12-31T15:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "JVNDB-2013-000119", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000119.html" }, { "name": "100861", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/100861" }, { "name": "1029490", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1029490" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.juniper.net/JSA10604" }, { "name": "JVN#28436508", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN28436508/index.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6958", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "JVNDB-2013-000119", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000119.html" }, { "name": "100861", "refsource": "OSVDB", "url": "http://osvdb.org/100861" }, { "name": "1029490", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029490" }, { "name": "https://kb.juniper.net/JSA10604", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA10604" }, { "name": "JVN#28436508", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN28436508/index.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-6958", "datePublished": "2013-12-13T18:00:00", "dateReserved": "2013-12-04T00:00:00", "dateUpdated": "2024-08-06T17:53:45.446Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-2337 (GCVE-0-2017-2337)
Vulnerability from cvelistv5
Published
2017-07-14 14:00
Modified
2024-09-16 20:13
CWE
- persistent cross site scripting vulnerability
Summary
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Juniper Networks | ScreenOS | 6.3.0 prior to 6.3.0r24 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:48:05.394Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.juniper.net/JSA10782" }, { "name": "1038881", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038881" }, { "name": "99590", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99590" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "SSG Series" ], "product": "ScreenOS", "vendor": "Juniper Networks", "versions": [ { "status": "affected", "version": "6.3.0 prior to 6.3.0r24" } ] } ], "credits": [ { "lang": "en", "value": "Gaku Mochizuki/Toshitsugu Yoneyama from Mitsui Bussan Secure Directions, Inc., for reporting this issue to the JPCERT/CC." }, { "lang": "en", "value": "Craig Young, Principal Security Researcher, Tripwire VERT, for responsibly reporting this vulnerability." } ], "datePublic": "2017-07-12T00:00:00", "descriptions": [ { "lang": "en", "value": "A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the \u0027security\u0027 role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "persistent cross site scripting vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-21T19:57:01", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.juniper.net/JSA10782" }, { "name": "1038881", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038881" }, { "name": "99590", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99590" } ], "title": "ScreenOS: XSS vulnerability in ScreenOS Firewall", "workarounds": [ { "lang": "en", "value": "Use access lists or firewall filters to limit access to the firewall\u0027s WebUI only from trusted hosts." } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2017-07-12T09:00", "ID": "CVE-2017-2337", "STATE": "PUBLIC", "TITLE": "ScreenOS: XSS vulnerability in ScreenOS Firewall" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ScreenOS", "version": { "version_data": [ { "platform": "SSG Series", "version_value": "6.3.0 prior to 6.3.0r24" } ] } } ] }, "vendor_name": "Juniper Networks" } ] } }, "configuration": [], "credit": [ "Gaku Mochizuki/Toshitsugu Yoneyama from Mitsui Bussan Secure Directions, Inc., for reporting this issue to the JPCERT/CC.", "Craig Young, Principal Security Researcher, Tripwire VERT, for responsibly reporting this vulnerability." 
], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the \u0027security\u0027 role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue." } ] }, "exploit": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "persistent cross site scripting vulnerability" } ] } ] }, "references": { "reference_data": [ { "name": "https://kb.juniper.net/JSA10782", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA10782" }, { "name": "1038881", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038881" }, { "name": "99590", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99590" } ] }, "solution": "ScreenOS has been updated to add checks to prevent scripts in WebUI strings.\n\nThe following software release has been updated to resolve this specific issue: ScreenOS 6.3.0r24, and all subsequent releases.\n\nThis issue is being tracked as PR 1136628 and is visible on the Customer Support website.\n\nKB16765 - 
\"In which releases are vulnerabilities fixed?\" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.", "work_around": [ { "lang": "en", "value": "Use access lists or firewall filters to limit access to the firewall\u0027s WebUI only from trusted hosts." } ] } } }, "cveMetadata": { "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2017-2337", "datePublished": "2017-07-14T14:00:00Z", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-09-16T20:13:15.247Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }