This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.
The remote device is missing a vendor-supplied security patch.
According to its self-reported version number, the remote Juniper
Junos device is affected by multiple vulnerabilities in the J-Web
- A cross-site scripting vulnerability exists due to a
failure to validate input before returning it to users.
A remote attacker, using a crafted request, can exploit
this to gain access to session credentials or execute
administrative actions through the user's browser.
- A denial of service vulnerability exists in error
handling that allows an attacker to crash the J-Web
Note that these issues only affects devices with J-Web enabled.
See also :
Apply the relevant Junos software release or workaround referenced in
Juniper advisory JSA10682.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.7
Public Exploit Available : true