Juniper Junos OS Vulnerability (JSA11238)

medium Nessus Plugin ID 161775

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series, J-Web interface may allow a remote authenticated user to inject persistent and malicious scripts. An attacker can exploit this vulnerability to steal sensitive data and credentials from a web administration session, or hijack another user's active session to perform administrative actions.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Apply the relevant Junos software release referenced in Juniper advisory JSA11238

See Also

https://kb.juniper.net/JSA11238

Plugin Details

Severity: Medium

ID: 161775

File Name: juniper_jsa11238.nasl

Version: 1.2

Type: combined

Published: 6/2/2022

Updated: 6/3/2022

Risk Information

VPR

Risk Factor: Low

Score: 3

CVSS v2

Risk Factor: Low

Base Score: 3.5

Temporal Score: 2.6

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2021-31373

CVSS v3

Risk Factor: Medium

Base Score: 5.4

Temporal Score: 4.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:juniper:junos

Required KB Items: Host/Juniper/JUNOS/Version, Host/Juniper/model

Exploit Ease: No known exploits are available

Patch Publication Date: 9/28/2021

Vulnerability Publication Date: 9/28/2021

Reference Information

CVE: CVE-2021-31373

JSA: JSA11238