CVE-2017-2337

EPSS 0.21%
Veröffentlicht 17.07.2017 13:18:24
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle sirt@juniper.net
CVE-Watchlists
Login
Unerledigt
Login

A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Juniper ≫ Screenos Version6.3.0

Juniper ≫ Screenos Version6.3.0 Updater1

Juniper ≫ Screenos Version6.3.0 Updater10

Juniper ≫ Screenos Version6.3.0 Updater11

Juniper ≫ Screenos Version6.3.0 Updater12

Juniper ≫ Screenos Version6.3.0 Updater13

Juniper ≫ Screenos Version6.3.0 Updater14

Juniper ≫ Screenos Version6.3.0 Updater15

Juniper ≫ Screenos Version6.3.0 Updater16

Juniper ≫ Screenos Version6.3.0 Updater17

Juniper ≫ Screenos Version6.3.0 Updater18

Juniper ≫ Screenos Version6.3.0 Updater19

Juniper ≫ Screenos Version6.3.0 Updater2

Juniper ≫ Screenos Version6.3.0 Updater21

Juniper ≫ Screenos Version6.3.0 Updater22

Juniper ≫ Screenos Version6.3.0 Updater23

Juniper ≫ Screenos Version6.3.0 Updater23b

Juniper ≫ Screenos Version6.3.0 Updater3

Juniper ≫ Screenos Version6.3.0 Updater4

Juniper ≫ Screenos Version6.3.0 Updater5

Juniper ≫ Screenos Version6.3.0 Updater6

Juniper ≫ Screenos Version6.3.0 Updater7

Juniper ≫ Screenos Version6.3.0 Updater8

Juniper ≫ Screenos Version6.3.0 Updater9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.402

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N
sirt@juniper.net	8.4	1.7	6	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www.securityfocus.com/bid/99590

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1038881

Third Party Advisory

VDB Entry

https://kb.juniper.net/JSA10782

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-2337

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-2337

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-2337

EUVD