Juniper Junos SRX Series Web Authentication XSS (JSA10640)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

According to its self-reported version number, the remote Junos device
is affected by a reflected cross-site scripting vulnerability. An
attacker can exploit this to steal sensitive information or session
credentials from firewall users.

Note that this issue only affects devices where Web Authentication is
used for firewall user authentication.

See also :

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10640

Solution :

Apply the relevant Junos software release or workaround referenced in
Juniper advisory JSA10640.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Junos Local Security Checks

Nessus Plugin ID: 76507

Bugtraq ID: 68548

CVE ID: CVE-2014-3821
