cvelistv5 - cve-2017-2337

CVE-2017-2337 (GCVE-0-2017-2337)

Vulnerability from cvelistv5 – Published: 2017-07-14 14:00 – Updated: 2024-09-16 20:13

Summary

Severity ?

8.4 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

CWE

persistent cross site scripting vulnerability

Assigner

juniper

References

URL

Tags

	https://kb.juniper.net/JSA10782	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1038881	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/99590	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	Juniper Networks	ScreenOS	Affected: 6.3.0 prior to 6.3.0r24

Credits

Gaku Mochizuki/Toshitsugu Yoneyama from Mitsui Bussan Secure Directions, Inc., for reporting this issue to the JPCERT/CC. Craig Young, Principal Security Researcher, Tripwire VERT, for responsibly reporting this vulnerability.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:05.394Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10782"
          },
          {
            "name": "1038881",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038881"
          },
          {
            "name": "99590",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99590"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "SSG Series"
          ],
          "product": "ScreenOS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "status": "affected",
              "version": "6.3.0 prior to 6.3.0r24"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Gaku Mochizuki/Toshitsugu Yoneyama from Mitsui Bussan Secure Directions, Inc., for reporting this issue to the JPCERT/CC."
        },
        {
          "lang": "en",
          "value": "Craig Young, Principal Security Researcher, Tripwire VERT, for responsibly reporting this vulnerability."
        }
      ],
      "datePublic": "2017-07-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the \u0027security\u0027 role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "persistent cross site scripting vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-21T19:57:01",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10782"
        },
        {
          "name": "1038881",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038881"
        },
        {
          "name": "99590",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99590"
        }
      ],
      "title": "ScreenOS: XSS vulnerability in ScreenOS Firewall",
      "workarounds": [
        {
          "lang": "en",
          "value": "Use access lists or firewall filters to limit access to the firewall\u0027s WebUI only from trusted hosts."
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "DATE_PUBLIC": "2017-07-12T09:00",
          "ID": "CVE-2017-2337",
          "STATE": "PUBLIC",
          "TITLE": "ScreenOS: XSS vulnerability in ScreenOS Firewall"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ScreenOS",
                      "version": {
                        "version_data": [
                          {
                            "platform": "SSG Series",
                            "version_value": "6.3.0 prior to 6.3.0r24"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Juniper Networks"
              }
            ]
          }
        },
        "configuration": [],
        "credit": [
          "Gaku Mochizuki/Toshitsugu Yoneyama from Mitsui Bussan Secure Directions, Inc., for reporting this issue to the JPCERT/CC.",
          "Craig Young, Principal Security Researcher, Tripwire VERT, for responsibly reporting this vulnerability."
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the \u0027security\u0027 role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue."
            }
          ]
        },
        "exploit": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.",
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "persistent cross site scripting vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10782",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10782"
            },
            {
              "name": "1038881",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038881"
            },
            {
              "name": "99590",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99590"
            }
          ]
        },
        "solution": "ScreenOS has been updated to add checks to prevent scripts in WebUI strings.\n\nThe following software release has been updated to resolve this specific issue: ScreenOS 6.3.0r24, and all subsequent releases.\n\nThis issue is being tracked as PR 1136628 and is visible on the Customer Support website.\n\nKB16765 - \"In which releases are vulnerabilities  fixed?\" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.",
        "work_around": [
          {
            "lang": "en",
            "value": "Use access lists or firewall filters to limit access to the firewall\u0027s WebUI only from trusted hosts."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2017-2337",
    "datePublished": "2017-07-14T14:00:00Z",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-09-16T20:13:15.247Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D2F484AD-901C-4D4E-81D0-41C177A73246\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"41DE622D-529B-4D89-BAE2-1AFA64C21930\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:r10:*:*:*:*:*:*\", \"matchCriteriaId\": \"85E96339-7B15-425C-93BF-A6C3909BC514\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:r11:*:*:*:*:*:*\", \"matchCriteriaId\": \"68BF865C-C264-40B9-ADE2-0E4E2F389533\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:r12:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA1E16DB-CC63-4C17-97F1-7E96C00D4F0B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:r13:*:*:*:*:*:*\", \"matchCriteriaId\": \"C31D61E2-7DD7-4BE0-A6B2-05F609248C75\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:r14:*:*:*:*:*:*\", \"matchCriteriaId\": \"443A7726-36FD-4F15-A0E4-FD6CBE7E4EEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:r15:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A45A2F9-F33F-429B-A66D-B2BCBA7B8836\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:r16:*:*:*:*:*:*\", \"matchCriteriaId\": \"B6923ED1-A07D-46FD-BB81-ECA920E13840\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:r17:*:*:*:*:*:*\", \"matchCriteriaId\": \"9323A380-A99C-4B35-B379-51A57CF17678\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:r18:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B6F2143-1B00-4F3D-9454-24A80D9C88FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:r19:*:*:*:*:*:*\", \"matchCriteriaId\": \"29AF89BB-010B-4E95-8E80-69749BDF4211\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:r2:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC0181A3-AD21-403B-B583-3AB729E57A1B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:r21:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC170FC3-A579-4EF4-8120-C5DEDC939D80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:r22:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B9FC3EB-4B5A-4036-BECE-2F170033F1EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:r23:*:*:*:*:*:*\", \"matchCriteriaId\": \"184A1C40-2A96-4662-BE43-E02AA9D5AFA6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:r23b:*:*:*:*:*:*\", \"matchCriteriaId\": \"BAA53A17-46E0-4CAD-9F19-3949A2B9D08A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:r3:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3D68DB5-4F2F-4C31-9329-7AD74F7C5F30\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:r4:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F9D4824-4734-4BAF-84B0-A57692DC339D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:r5:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B6A64A3-8273-4BD4-839E-EA0AF6DAEF20\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:r6:*:*:*:*:*:*\", \"matchCriteriaId\": \"7FCF8354-8178-4A34-ACC6-E513A74CC7D4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:r7:*:*:*:*:*:*\", \"matchCriteriaId\": \"22AC6768-B3B4-46BC-AD8D-2AC9ED16F7C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:r8:*:*:*:*:*:*\", \"matchCriteriaId\": \"A52F0C7A-E2EA-48DB-B22C-1E62CE768AD1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:r9:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F63C5B5-C813-4456-8D1B-B3CF50DA15CD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the \u0027security\u0027 role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de tipo cross-site-scripting (XSS) persistente en la WebUI de NetScreen de Juniper Networks Juniper NetScreen Firewall+VPN ejecut\\u00e1ndose en ScreenOS, permite a un usuario con el rol \\u201csecurity\\u201d inyectar contenido HTML/JavaScript en la sesi\\u00f3n de administraci\\u00f3n de otros usuarios, incluyendo el administrador. Esto permite al usuario con pocos privilegios ejecutar comandos de manera eficaz con los permisos de un administrador. Este problema afecta a Juniper Networks ScreenOS versi\\u00f3n 6.3.0 anteriores a 6.3.0r24 en la serie SSG. Ning\\u00fan otro producto o plataforma de Juniper Networks est\\u00e1 afectada por este problema.\"}]",
      "id": "CVE-2017-2337",
      "lastModified": "2024-11-21T03:23:18.820",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"sirt@juniper.net\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H\", \"baseScore\": 8.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.7, \"impactScore\": 6.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:P/A:N\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2017-07-17T13:18:24.030",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/99590\", \"source\": \"sirt@juniper.net\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038881\", \"source\": \"sirt@juniper.net\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://kb.juniper.net/JSA10782\", \"source\": \"sirt@juniper.net\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/99590\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038881\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://kb.juniper.net/JSA10782\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "sirt@juniper.net",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-2337\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2017-07-17T13:18:24.030\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the \u0027security\u0027 role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de tipo cross-site-scripting (XSS) persistente en la WebUI de NetScreen de Juniper Networks Juniper NetScreen Firewall+VPN ejecut\u00e1ndose en ScreenOS, permite a un usuario con el rol \u201csecurity\u201d inyectar contenido HTML/JavaScript en la sesi\u00f3n de administraci\u00f3n de otros usuarios, incluyendo el administrador. Esto permite al usuario con pocos privilegios ejecutar comandos de manera eficaz con los permisos de un administrador. Este problema afecta a Juniper Networks ScreenOS versi\u00f3n 6.3.0 anteriores a 6.3.0r24 en la serie SSG. Ning\u00fan otro producto o plataforma de Juniper Networks est\u00e1 afectada por este problema.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.7,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2F484AD-901C-4D4E-81D0-41C177A73246\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"41DE622D-529B-4D89-BAE2-1AFA64C21930\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:r10:*:*:*:*:*:*\",\"matchCriteriaId\":\"85E96339-7B15-425C-93BF-A6C3909BC514\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:r11:*:*:*:*:*:*\",\"matchCriteriaId\":\"68BF865C-C264-40B9-ADE2-0E4E2F389533\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:r12:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA1E16DB-CC63-4C17-97F1-7E96C00D4F0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:r13:*:*:*:*:*:*\",\"matchCriteriaId\":\"C31D61E2-7DD7-4BE0-A6B2-05F609248C75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:r14:*:*:*:*:*:*\",\"matchCriteriaId\":\"443A7726-36FD-4F15-A0E4-FD6CBE7E4EEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:r15:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A45A2F9-F33F-429B-A66D-B2BCBA7B8836\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:r16:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6923ED1-A07D-46FD-BB81-ECA920E13840\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:r17:*:*:*:*:*:*\",\"matchCriteriaId\":\"9323A380-A99C-4B35-B379-51A57CF17678\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:r18:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B6F2143-1B00-4F3D-9454-24A80D9C88FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:r19:*:*:*:*:*:*\",\"matchCriteriaId\":\"29AF89BB-010B-4E95-8E80-69749BDF4211\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:r2:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC0181A3-AD21-403B-B583-3AB729E57A1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:r21:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC170FC3-A579-4EF4-8120-C5DEDC939D80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:r22:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B9FC3EB-4B5A-4036-BECE-2F170033F1EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:r23:*:*:*:*:*:*\",\"matchCriteriaId\":\"184A1C40-2A96-4662-BE43-E02AA9D5AFA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:r23b:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAA53A17-46E0-4CAD-9F19-3949A2B9D08A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:r3:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3D68DB5-4F2F-4C31-9329-7AD74F7C5F30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:r4:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F9D4824-4734-4BAF-84B0-A57692DC339D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:r5:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B6A64A3-8273-4BD4-839E-EA0AF6DAEF20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:r6:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FCF8354-8178-4A34-ACC6-E513A74CC7D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:r7:*:*:*:*:*:*\",\"matchCriteriaId\":\"22AC6768-B3B4-46BC-AD8D-2AC9ED16F7C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:r8:*:*:*:*:*:*\",\"matchCriteriaId\":\"A52F0C7A-E2EA-48DB-B22C-1E62CE768AD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:r9:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F63C5B5-C813-4456-8D1B-B3CF50DA15CD\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/99590\",\"source\":\"sirt@juniper.net\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038881\",\"source\":\"sirt@juniper.net\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://kb.juniper.net/JSA10782\",\"source\":\"sirt@juniper.net\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99590\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038881\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://kb.juniper.net/JSA10782\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2017-AVI-212

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	CTPView 7.1, 7.2 et 7.3
N/A	N/A	CTPOS 7.0, 7.1, 7.2 et 7.3
N/A	N/A	ScreenOS versions antérieures à 6.3.0r24
Juniper Networks	Junos OS	Junos OS toutes versions sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10797 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10794 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10789 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10800 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10793 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10791 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10775 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10795 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10790 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10779 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10787 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10799 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10796 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10792 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10798 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10782 du 12 juillet 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "CTPView 7.1, 7.2 et 7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CTPOS 7.0, 7.1, 7.2 et 7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ScreenOS versions ant\u00e9rieures \u00e0 6.3.0r24",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-9310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9310"
    },
    {
      "name": "CVE-2017-2341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2341"
    },
    {
      "name": "CVE-2017-3135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3135"
    },
    {
      "name": "CVE-2017-2346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2346"
    },
    {
      "name": "CVE-2016-7426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7426"
    },
    {
      "name": "CVE-2017-2347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2347"
    },
    {
      "name": "CVE-2017-2338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2338"
    },
    {
      "name": "CVE-2017-2348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2348"
    },
    {
      "name": "CVE-2017-3731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3731"
    },
    {
      "name": "CVE-2016-7433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7433"
    },
    {
      "name": "CVE-2016-7429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7429"
    },
    {
      "name": "CVE-2016-9311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9311"
    },
    {
      "name": "CVE-2015-8138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
    },
    {
      "name": "CVE-2016-7434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7434"
    },
    {
      "name": "CVE-2017-2336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2336"
    },
    {
      "name": "CVE-2017-2337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2337"
    },
    {
      "name": "CVE-2016-7427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7427"
    },
    {
      "name": "CVE-2017-3732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3732"
    },
    {
      "name": "CVE-2017-10605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10605"
    },
    {
      "name": "CVE-2017-2344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2344"
    },
    {
      "name": "CVE-2017-2345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2345"
    },
    {
      "name": "CVE-2017-2343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2343"
    },
    {
      "name": "CVE-2017-2339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2339"
    },
    {
      "name": "CVE-2016-7431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7431"
    },
    {
      "name": "CVE-2016-7055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7055"
    },
    {
      "name": "CVE-2016-1887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1887"
    },
    {
      "name": "CVE-2016-9312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9312"
    },
    {
      "name": "CVE-2016-7428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7428"
    },
    {
      "name": "CVE-2016-3074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3074"
    },
    {
      "name": "CVE-2017-2314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2314"
    },
    {
      "name": "CVE-2017-2342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2342"
    },
    {
      "name": "CVE-2017-2335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2335"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-212",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-07-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Juniper\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une ex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10797 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10797\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10794 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10794\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10789 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10789\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10800 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10800\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10793 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10793\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10791 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10791\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10775 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10775\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10795 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10795\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10790 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10790\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10779 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10779\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10787 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10787\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10799 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10799\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10796 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10796\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10792 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10792\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10798 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10798\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10782 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10782\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTFR-2017-AVI-212

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	CTPView 7.1, 7.2 et 7.3
N/A	N/A	CTPOS 7.0, 7.1, 7.2 et 7.3
N/A	N/A	ScreenOS versions antérieures à 6.3.0r24
Juniper Networks	Junos OS	Junos OS toutes versions sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10797 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10794 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10789 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10800 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10793 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10791 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10775 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10795 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10790 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10779 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10787 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10799 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10796 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10792 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10798 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10782 du 12 juillet 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "CTPView 7.1, 7.2 et 7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CTPOS 7.0, 7.1, 7.2 et 7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ScreenOS versions ant\u00e9rieures \u00e0 6.3.0r24",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-9310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9310"
    },
    {
      "name": "CVE-2017-2341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2341"
    },
    {
      "name": "CVE-2017-3135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3135"
    },
    {
      "name": "CVE-2017-2346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2346"
    },
    {
      "name": "CVE-2016-7426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7426"
    },
    {
      "name": "CVE-2017-2347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2347"
    },
    {
      "name": "CVE-2017-2338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2338"
    },
    {
      "name": "CVE-2017-2348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2348"
    },
    {
      "name": "CVE-2017-3731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3731"
    },
    {
      "name": "CVE-2016-7433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7433"
    },
    {
      "name": "CVE-2016-7429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7429"
    },
    {
      "name": "CVE-2016-9311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9311"
    },
    {
      "name": "CVE-2015-8138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
    },
    {
      "name": "CVE-2016-7434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7434"
    },
    {
      "name": "CVE-2017-2336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2336"
    },
    {
      "name": "CVE-2017-2337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2337"
    },
    {
      "name": "CVE-2016-7427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7427"
    },
    {
      "name": "CVE-2017-3732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3732"
    },
    {
      "name": "CVE-2017-10605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10605"
    },
    {
      "name": "CVE-2017-2344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2344"
    },
    {
      "name": "CVE-2017-2345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2345"
    },
    {
      "name": "CVE-2017-2343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2343"
    },
    {
      "name": "CVE-2017-2339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2339"
    },
    {
      "name": "CVE-2016-7431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7431"
    },
    {
      "name": "CVE-2016-7055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7055"
    },
    {
      "name": "CVE-2016-1887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1887"
    },
    {
      "name": "CVE-2016-9312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9312"
    },
    {
      "name": "CVE-2016-7428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7428"
    },
    {
      "name": "CVE-2016-3074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3074"
    },
    {
      "name": "CVE-2017-2314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2314"
    },
    {
      "name": "CVE-2017-2342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2342"
    },
    {
      "name": "CVE-2017-2335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2335"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-212",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-07-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Juniper\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une ex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10797 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10797\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10794 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10794\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10789 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10789\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10800 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10800\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10793 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10793\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10791 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10791\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10775 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10775\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10795 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10795\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10790 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10790\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10779 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10779\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10787 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10787\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10799 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10799\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10796 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10796\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10792 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10792\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10798 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10798\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10782 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10782\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

FKIE_CVE-2017-2337

Vulnerability from fkie_nvd - Published: 2017-07-17 13:18 - Updated: 2025-04-20 01:37

Severity ?

8.4 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
sirt@juniper.net	http://www.securityfocus.com/bid/99590	Third Party Advisory, VDB Entry
sirt@juniper.net	http://www.securitytracker.com/id/1038881	Third Party Advisory, VDB Entry
sirt@juniper.net	https://kb.juniper.net/JSA10782	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99590	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038881	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://kb.juniper.net/JSA10782	Vendor Advisory

Impacted products

Vendor	Product	Version
juniper	screenos	6.3.0
juniper	screenos	6.3.0
juniper	screenos	6.3.0
juniper	screenos	6.3.0
juniper	screenos	6.3.0
juniper	screenos	6.3.0
juniper	screenos	6.3.0
juniper	screenos	6.3.0
juniper	screenos	6.3.0
juniper	screenos	6.3.0
juniper	screenos	6.3.0
juniper	screenos	6.3.0
juniper	screenos	6.3.0
juniper	screenos	6.3.0
juniper	screenos	6.3.0
juniper	screenos	6.3.0
juniper	screenos	6.3.0
juniper	screenos	6.3.0
juniper	screenos	6.3.0
juniper	screenos	6.3.0
juniper	screenos	6.3.0
juniper	screenos	6.3.0
juniper	screenos	6.3.0
juniper	screenos	6.3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2F484AD-901C-4D4E-81D0-41C177A73246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r1:*:*:*:*:*:*",
              "matchCriteriaId": "41DE622D-529B-4D89-BAE2-1AFA64C21930",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r10:*:*:*:*:*:*",
              "matchCriteriaId": "85E96339-7B15-425C-93BF-A6C3909BC514",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r11:*:*:*:*:*:*",
              "matchCriteriaId": "68BF865C-C264-40B9-ADE2-0E4E2F389533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r12:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E16DB-CC63-4C17-97F1-7E96C00D4F0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r13:*:*:*:*:*:*",
              "matchCriteriaId": "C31D61E2-7DD7-4BE0-A6B2-05F609248C75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r14:*:*:*:*:*:*",
              "matchCriteriaId": "443A7726-36FD-4F15-A0E4-FD6CBE7E4EEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r15:*:*:*:*:*:*",
              "matchCriteriaId": "0A45A2F9-F33F-429B-A66D-B2BCBA7B8836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r16:*:*:*:*:*:*",
              "matchCriteriaId": "B6923ED1-A07D-46FD-BB81-ECA920E13840",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r17:*:*:*:*:*:*",
              "matchCriteriaId": "9323A380-A99C-4B35-B379-51A57CF17678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r18:*:*:*:*:*:*",
              "matchCriteriaId": "5B6F2143-1B00-4F3D-9454-24A80D9C88FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r19:*:*:*:*:*:*",
              "matchCriteriaId": "29AF89BB-010B-4E95-8E80-69749BDF4211",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r2:*:*:*:*:*:*",
              "matchCriteriaId": "DC0181A3-AD21-403B-B583-3AB729E57A1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r21:*:*:*:*:*:*",
              "matchCriteriaId": "FC170FC3-A579-4EF4-8120-C5DEDC939D80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r22:*:*:*:*:*:*",
              "matchCriteriaId": "1B9FC3EB-4B5A-4036-BECE-2F170033F1EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r23:*:*:*:*:*:*",
              "matchCriteriaId": "184A1C40-2A96-4662-BE43-E02AA9D5AFA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r23b:*:*:*:*:*:*",
              "matchCriteriaId": "BAA53A17-46E0-4CAD-9F19-3949A2B9D08A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r3:*:*:*:*:*:*",
              "matchCriteriaId": "B3D68DB5-4F2F-4C31-9329-7AD74F7C5F30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r4:*:*:*:*:*:*",
              "matchCriteriaId": "6F9D4824-4734-4BAF-84B0-A57692DC339D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r5:*:*:*:*:*:*",
              "matchCriteriaId": "9B6A64A3-8273-4BD4-839E-EA0AF6DAEF20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r6:*:*:*:*:*:*",
              "matchCriteriaId": "7FCF8354-8178-4A34-ACC6-E513A74CC7D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r7:*:*:*:*:*:*",
              "matchCriteriaId": "22AC6768-B3B4-46BC-AD8D-2AC9ED16F7C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r8:*:*:*:*:*:*",
              "matchCriteriaId": "A52F0C7A-E2EA-48DB-B22C-1E62CE768AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r9:*:*:*:*:*:*",
              "matchCriteriaId": "1F63C5B5-C813-4456-8D1B-B3CF50DA15CD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the \u0027security\u0027 role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo cross-site-scripting (XSS) persistente en la WebUI de NetScreen de Juniper Networks Juniper NetScreen Firewall+VPN ejecut\u00e1ndose en ScreenOS, permite a un usuario con el rol \u201csecurity\u201d inyectar contenido HTML/JavaScript en la sesi\u00f3n de administraci\u00f3n de otros usuarios, incluyendo el administrador. Esto permite al usuario con pocos privilegios ejecutar comandos de manera eficaz con los permisos de un administrador. Este problema afecta a Juniper Networks ScreenOS versi\u00f3n 6.3.0 anteriores a 6.3.0r24 en la serie SSG. Ning\u00fan otro producto o plataforma de Juniper Networks est\u00e1 afectada por este problema."
    }
  ],
  "id": "CVE-2017-2337",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 6.0,
        "source": "sirt@juniper.net",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-17T13:18:24.030",
  "references": [
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99590"
    },
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038881"
    },
    {
      "source": "sirt@juniper.net",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/JSA10782"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99590"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038881"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/JSA10782"
    }
  ],
  "sourceIdentifier": "sirt@juniper.net",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

JVNDB-2017-000183

Vulnerability from jvndb - Published: 2017-07-24 13:52 - Updated:2017-08-09 11:23

Severity ?

8.4 (High) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Summary

Multiple cross-site scripting vulnerabilities in ScreenOS

Details

ScreenOS provided by Juniper Networks contains multiple cross-site scripting vulnerabilities. Toshitsugu Yoneyama and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN74247807/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2335
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2336
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2337
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2338
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2339
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-2335
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-2336
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-2337
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-2338
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-2339
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

Juniper Networks, Inc.

ScreenOS

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000183.html",
  "dc:date": "2017-08-09T11:23+09:00",
  "dcterms:issued": "2017-07-24T13:52+09:00",
  "dcterms:modified": "2017-08-09T11:23+09:00",
  "description": "ScreenOS provided by Juniper Networks contains multiple cross-site scripting vulnerabilities.\r\n\r\nToshitsugu Yoneyama and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000183.html",
  "sec:cpe": {
    "#text": "cpe:/o:juniper:screenos",
    "@product": "ScreenOS",
    "@vendor": "Juniper Networks, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "8.4",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000183",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN74247807/index.html",
      "@id": "JVN#74247807",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2335",
      "@id": "CVE-2017-2335",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2336",
      "@id": "CVE-2017-2336",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2337",
      "@id": "CVE-2017-2337",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2338",
      "@id": "CVE-2017-2338",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2339",
      "@id": "CVE-2017-2339",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2335",
      "@id": "CVE-2017-2335",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2336",
      "@id": "CVE-2017-2336",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2337",
      "@id": "CVE-2017-2337",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2338",
      "@id": "CVE-2017-2338",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2339",
      "@id": "CVE-2017-2339",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Multiple cross-site scripting vulnerabilities in ScreenOS"
}

VAR-201707-0307

Vulnerability from variot - Updated: 2023-12-18 12:03

A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. ScreenOS provided by Juniper Networks contains multiple cross-site scripting vulnerabilities. Toshitsugu Yoneyama and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An arbitrary script may be executed on the logged in user's web browser. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. ScreenOS is one of those operating systems

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0307",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "screenos",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "6.3.0"
      },
      {
        "model": "screenos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "prior to 6.3.0r24"
      },
      {
        "model": "screenos 6.3.0r22",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "screenos 6.3.0r21",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "screenos 6.3.0r20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "screenos 6.3.0r19",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "screenos 6.3.0r13",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "screenos 6.3.0r12",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "screenos 6.3.0r24",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "99590"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000183"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2337"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-625"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r11:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r17:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r18:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r12:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r19:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r21:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r15:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r16:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r23b:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r13:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r14:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r22:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r23:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2337"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Gaku Mochizuki/Toshitsugu Yoneyama from Mitsui Bussan Secure Directions, Inc.",
    "sources": [
      {
        "db": "BID",
        "id": "99590"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-2337",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "VENDOR",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-000183",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "VHN-110540",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.3,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "sirt@juniper.net",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.7,
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "VENDOR",
            "availabilityImpact": "High",
            "baseScore": 8.4,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-000183",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-2337",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "sirt@juniper.net",
            "id": "CVE-2017-2337",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "VENDOR",
            "id": "JVNDB-2017-000183",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201707-625",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-110540",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110540"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000183"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2337"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2337"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-625"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the \u0027security\u0027 role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. ScreenOS provided by Juniper Networks contains multiple cross-site scripting vulnerabilities. Toshitsugu Yoneyama and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An arbitrary script may be executed on the logged in user\u0027s web browser. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. ScreenOS is one of those operating systems",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2337"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000183"
      },
      {
        "db": "BID",
        "id": "99590"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110540"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-2337",
        "trust": 2.8
      },
      {
        "db": "JUNIPER",
        "id": "JSA10782",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1038881",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "99590",
        "trust": 1.4
      },
      {
        "db": "JVN",
        "id": "JVN74247807",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000183",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-625",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-110540",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110540"
      },
      {
        "db": "BID",
        "id": "99590"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000183"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2337"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-625"
      }
    ]
  },
  "id": "VAR-201707-0307",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110540"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:03:51.599000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "2017-07 Security Bulletin: ScreenOS: Multiple XSS vulnerabilities in ScreenOS Firewall",
        "trust": 0.8,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10782\u0026actp=metadata"
      },
      {
        "title": "Juniper SSG Series device ScreenOS Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71743"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000183"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-625"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110540"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000183"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2337"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://kb.juniper.net/jsa10782"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/99590"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1038881"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2338"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2339"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2335"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2336"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2337"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/en/jp/jvn74247807/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2335"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2336"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2337"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2338"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2339"
      },
      {
        "trust": 0.6,
        "url": "http://securitytracker.com/id/1038881"
      },
      {
        "trust": 0.3,
        "url": "http://www.juniper.net/"
      },
      {
        "trust": 0.3,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10782\u0026actp=rss"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110540"
      },
      {
        "db": "BID",
        "id": "99590"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000183"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2337"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-625"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-110540"
      },
      {
        "db": "BID",
        "id": "99590"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000183"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2337"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-625"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110540"
      },
      {
        "date": "2017-07-14T00:00:00",
        "db": "BID",
        "id": "99590"
      },
      {
        "date": "2017-07-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-000183"
      },
      {
        "date": "2017-07-17T13:18:24.030000",
        "db": "NVD",
        "id": "CVE-2017-2337"
      },
      {
        "date": "2017-07-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-625"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110540"
      },
      {
        "date": "2017-07-14T00:00:00",
        "db": "BID",
        "id": "99590"
      },
      {
        "date": "2017-08-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-000183"
      },
      {
        "date": "2017-07-22T01:29:01.410000",
        "db": "NVD",
        "id": "CVE-2017-2337"
      },
      {
        "date": "2017-07-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-625"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-625"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting vulnerabilities in ScreenOS",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000183"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-625"
      }
    ],
    "trust": 0.6
  }
}

GHSA-WCCX-JHF8-9569

Vulnerability from github – Published: 2022-05-17 02:27 – Updated: 2022-05-17 02:27

Details

Severity ?

5.4 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-2337"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-17T13:18:00Z",
    "severity": "MODERATE"
  },
  "details": "A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the \u0027security\u0027 role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.",
  "id": "GHSA-wccx-jhf8-9569",
  "modified": "2022-05-17T02:27:13Z",
  "published": "2022-05-17T02:27:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2337"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA10782"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99590"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038881"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-2337

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-2337

Aliases

CVE-2017-2337

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-2337",
    "description": "A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the \u0027security\u0027 role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.",
    "id": "GSD-2017-2337"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-2337"
      ],
      "details": "A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the \u0027security\u0027 role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.",
      "id": "GSD-2017-2337",
      "modified": "2023-12-13T01:21:05.858465Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "sirt@juniper.net",
        "DATE_PUBLIC": "2017-07-12T09:00",
        "ID": "CVE-2017-2337",
        "STATE": "PUBLIC",
        "TITLE": "ScreenOS: XSS vulnerability in ScreenOS Firewall"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "ScreenOS",
                    "version": {
                      "version_data": [
                        {
                          "platform": "SSG Series",
                          "version_value": "6.3.0 prior to 6.3.0r24"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Juniper Networks"
            }
          ]
        }
      },
      "configuration": [],
      "credit": [
        "Gaku Mochizuki/Toshitsugu Yoneyama from Mitsui Bussan Secure Directions, Inc., for reporting this issue to the JPCERT/CC.",
        "Craig Young, Principal Security Researcher, Tripwire VERT, for responsibly reporting this vulnerability."
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the \u0027security\u0027 role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue."
          }
        ]
      },
      "exploit": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.",
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "persistent cross site scripting vulnerability"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://kb.juniper.net/JSA10782",
            "refsource": "CONFIRM",
            "url": "https://kb.juniper.net/JSA10782"
          },
          {
            "name": "1038881",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1038881"
          },
          {
            "name": "99590",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/99590"
          }
        ]
      },
      "solution": "ScreenOS has been updated to add checks to prevent scripts in WebUI strings.\n\nThe following software release has been updated to resolve this specific issue: ScreenOS 6.3.0r24, and all subsequent releases.\n\nThis issue is being tracked as PR 1136628 and is visible on the Customer Support website.\n\nKB16765 - \"In which releases are vulnerabilities  fixed?\" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.",
      "work_around": [
        {
          "lang": "eng",
          "value": "Use access lists or firewall filters to limit access to the firewall\u0027s WebUI only from trusted hosts."
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r11:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r17:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r18:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r12:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r19:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r21:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r15:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r16:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r23b:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r13:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r14:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r22:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r23:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@juniper.net",
          "ID": "CVE-2017-2337"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the \u0027security\u0027 role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.juniper.net/JSA10782",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://kb.juniper.net/JSA10782"
            },
            {
              "name": "1038881",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1038881"
            },
            {
              "name": "99590",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/99590"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2017-07-22T01:29Z",
      "publishedDate": "2017-07-17T13:18Z"
    }
  }
}

CNVD-2017-23956

Vulnerability from cnvd - Published: 2017-08-31

Title

Juniper SSG Series设备ScreenOS跨站脚本漏洞（CNVD-2017-23956）

Description

Juniper SSG Series是美国瞻博网络（Juniper Networks）公司的一系列防火墙设备。ScreenOS是其中的一套操作系统。 Juniper SSG Series设备上的ScreenOS中Firewall+VPN存在跨站脚本漏洞。远程攻击者可利用该漏洞向其他用户（包括管理员）的管理会话中注入HTML/JavaScript内容，以管理员权限执行命令。

Severity

低

Patch Name

Juniper SSG Series设备ScreenOS跨站脚本漏洞（CNVD-2017-23956）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://kb.juniper.net/InfoCenter/index?page=content&id;=JSA10782

Reference

http://securitytracker.com/id/1038881

Impacted products

Name
['Juniper Networks ScreenOS 6.3.0r24', 'Juniper Networks ScreenOS 6.3.0r22', 'Juniper Networks ScreenOS 6.3.0r21', 'Juniper Networks ScreenOS 6.3.0r20', 'Juniper Networks ScreenOS 6.3.0r19', 'Juniper Networks ScreenOS 6.3.0R13', 'Juniper Networks ScreenOS 6.3.0R12']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "99590"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2337"
    }
  },
  "description": "Juniper SSG Series\u662f\u7f8e\u56fd\u77bb\u535a\u7f51\u7edc\uff08Juniper Networks\uff09\u516c\u53f8\u7684\u4e00\u7cfb\u5217\u9632\u706b\u5899\u8bbe\u5907\u3002ScreenOS\u662f\u5176\u4e2d\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nJuniper SSG Series\u8bbe\u5907\u4e0a\u7684ScreenOS\u4e2dFirewall+VPN\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5411\u5176\u4ed6\u7528\u6237\uff08\u5305\u62ec\u7ba1\u7406\u5458\uff09\u7684\u7ba1\u7406\u4f1a\u8bdd\u4e2d\u6ce8\u5165HTML/JavaScript\u5185\u5bb9\uff0c\u4ee5\u7ba1\u7406\u5458\u6743\u9650\u6267\u884c\u547d\u4ee4\u3002",
  "discovererName": "Gaku Mochizuki/Toshitsugu Yoneyama from Mitsui Bussan Secure Directions, Inc.",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://kb.juniper.net/InfoCenter/index?page=content\u0026id;=JSA10782",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-23956",
  "openTime": "2017-08-31",
  "patchDescription": "Juniper SSG Series\u662f\u7f8e\u56fd\u77bb\u535a\u7f51\u7edc\uff08Juniper Networks\uff09\u516c\u53f8\u7684\u4e00\u7cfb\u5217\u9632\u706b\u5899\u8bbe\u5907\u3002ScreenOS\u662f\u5176\u4e2d\u7684\u4e00\u5957\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nJuniper SSG Series\u8bbe\u5907\u4e0a\u7684ScreenOS\u4e2dFirewall+VPN\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5411\u5176\u4ed6\u7528\u6237\uff08\u5305\u62ec\u7ba1\u7406\u5458\uff09\u7684\u7ba1\u7406\u4f1a\u8bdd\u4e2d\u6ce8\u5165HTML/JavaScript\u5185\u5bb9\uff0c\u4ee5\u7ba1\u7406\u5458\u6743\u9650\u6267\u884c\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Juniper SSG Series\u8bbe\u5907ScreenOS\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2017-23956\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Juniper Networks ScreenOS 6.3.0r24",
      "Juniper Networks ScreenOS 6.3.0r22",
      "Juniper Networks ScreenOS  6.3.0r21",
      "Juniper Networks ScreenOS  6.3.0r20",
      "Juniper Networks ScreenOS  6.3.0r19",
      "Juniper Networks ScreenOS  6.3.0R13",
      "Juniper Networks ScreenOS  6.3.0R12"
    ]
  },
  "referenceLink": "http://securitytracker.com/id/1038881",
  "serverity": "\u4f4e",
  "submitTime": "2017-07-20",
  "title": "Juniper SSG Series\u8bbe\u5907ScreenOS\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2017-23956\uff09"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-2337 (GCVE-0-2017-2337)

Solution

Solution

Tags

Sightings

Nomenclature