Detections
Analytics

Juniper ScreenOS 5.4.x < 5.4.0r12 / 6.1.x / 6.2.x < 6.2.0r2 'about.html' Information Disclosure

medium Nessus Plugin ID 74366

Language:

Synopsis

The remote host is affected by an information disclosure vulnerability.

Description

The remote host is running a version of Juniper ScreenOS prior to 5.4.0r12 / 6.2.0r2. It is, therefore, affected by an information disclosure vulnerability due to system information being displayed in the 'about.html' page. A remote, unauthenticated attacker could leverage this information to aid in further attacks.

Solution

Upgrade to 5.4.0r12 / 6.2.0r2 or later.

See Also

https://www.juniper.net/security/auto/vulnerabilities/vuln34710.html

https://www.securityfocus.com/archive/1/502958

http://www.nessus.org/u?3496f575

Plugin Details

Severity: Medium

ID: 74366

File Name: screenos_about_html_info_disclosure.nasl

Version: 1.4

Type: local

Family: Firewalls

Published: 6/6/2014

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/o:juniper:screenos

Required KB Items: Host/Juniper/ScreenOS/display_version, Host/Juniper/ScreenOS/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/18/2009

Vulnerability Publication Date: 4/24/2009

Reference Information

BID: 34710