Lucene search

K
cve[email protected]CVE-2016-4923
HistoryOct 13, 2017 - 5:29 p.m.

CVE-2016-4923

2017-10-1317:29:00
CWE-79
web.nvd.nist.gov
24
cve-2016-4923
cross site scripting
xss
juniper networks
junos os
security vulnerability
data theft

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

47.8%

Insufficient cross site scripting protection in J-Web component in Juniper Networks Junos OS may potentially allow a remote unauthenticated user to inject web script or HTML and steal sensitive data and credentials from a J-Web session and to perform administrative actions on the Junos device. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. Affected releases are Juniper Networks Junos OS 11.4 prior to 11.4R13-S3; 12.1X44 prior to 12.1X44-D60; 12.1X46 prior to 12.1X46-D40; 12.1X47 prior to 12.1X47-D30; 12.3 prior to 12.3R11; 12.3X48 prior to 12.3X48-D20; 13.2X51 prior to 13.2X51-D39, 13.2X51-D40; 13.3 prior to 13.3R9; 14.1 prior to 14.1R6; 14.2 prior to 14.2R6; 15.1 prior to 15.1R3; 15.1X49 prior to 15.1X49-D20; 15.1X53 prior to 15.1X53-D57.

Affected configurations

NVD
Node
juniperjunosMatch11.4
OR
juniperjunosMatch11.4r1
OR
juniperjunosMatch11.4r10
OR
juniperjunosMatch11.4r11
OR
juniperjunosMatch11.4r12
OR
juniperjunosMatch11.4r2
OR
juniperjunosMatch11.4r3
OR
juniperjunosMatch11.4r4
OR
juniperjunosMatch11.4r5
OR
juniperjunosMatch11.4r6
OR
juniperjunosMatch11.4r7
OR
juniperjunosMatch11.4r8
OR
juniperjunosMatch11.4r9
OR
juniperjunosMatch11.4r13s2
Node
juniperjunosMatch12.3
OR
juniperjunosMatch12.3r1
OR
juniperjunosMatch12.3r10
OR
juniperjunosMatch12.3r2
OR
juniperjunosMatch12.3r3
OR
juniperjunosMatch12.3r4
OR
juniperjunosMatch12.3r5
OR
juniperjunosMatch12.3r6
OR
juniperjunosMatch12.3r7
OR
juniperjunosMatch12.3r8
OR
juniperjunosMatch12.3r9
OR
juniperjunosMatch12.3x48d10
OR
juniperjunosMatch12.3x48d15
Node
juniperjunosMatch13.3
OR
juniperjunosMatch13.3r1
OR
juniperjunosMatch13.3r2
OR
juniperjunosMatch13.3r2-s2
OR
juniperjunosMatch13.3r3
OR
juniperjunosMatch13.3r4
OR
juniperjunosMatch13.3r5
OR
juniperjunosMatch13.3r6
OR
juniperjunosMatch13.3r7
OR
juniperjunosMatch13.3r8
OR
juniperjunosMatch13.3r9
Node
juniperjunosMatch14.1
OR
juniperjunosMatch14.1r1
OR
juniperjunosMatch14.1r2
OR
juniperjunosMatch14.1r3
OR
juniperjunosMatch14.1r4
OR
juniperjunosMatch14.1r5
Node
juniperjunosMatch14.2r1
OR
juniperjunosMatch14.2r2
OR
juniperjunosMatch14.2r3
OR
juniperjunosMatch14.2r4
OR
juniperjunosMatch14.2r5
Node
juniperjunosMatch15.1r1
OR
juniperjunosMatch15.1r2
OR
juniperjunosMatch15.1x49d10
OR
juniperjunosMatch15.1x53d20
OR
juniperjunosMatch15.1x53d21
OR
juniperjunosMatch15.1x53d25
OR
juniperjunosMatch15.1x53d30
OR
juniperjunosMatch15.1x53d32
OR
juniperjunosMatch15.1x53d33
OR
juniperjunosMatch15.1x53d34
OR
juniperjunosMatch15.1x53d50
OR
juniperjunosMatch15.1x53d51
OR
juniperjunosMatch15.1x53d52
OR
juniperjunosMatch15.1x53d55
Node
juniperjunosMatch12.1x44
OR
juniperjunosMatch12.1x44d10
OR
juniperjunosMatch12.1x44d15
OR
juniperjunosMatch12.1x44d20
OR
juniperjunosMatch12.1x44d25
OR
juniperjunosMatch12.1x44d30
OR
juniperjunosMatch12.1x44d35
OR
juniperjunosMatch12.1x44d40
OR
juniperjunosMatch12.1x44d45
OR
juniperjunosMatch12.1x44d50
OR
juniperjunosMatch12.1x44d55
OR
juniperjunosMatch12.1x46
OR
juniperjunosMatch12.1x46d10
OR
juniperjunosMatch12.1x46d15
OR
juniperjunosMatch12.1x46d20
OR
juniperjunosMatch12.1x46d25
OR
juniperjunosMatch12.1x46d30
OR
juniperjunosMatch12.1x46d35
OR
juniperjunosMatch12.1x47
OR
juniperjunosMatch12.1x47d10
OR
juniperjunosMatch12.1x47d15
OR
juniperjunosMatch12.1x47d20
OR
juniperjunosMatch12.1x47d25

CNA Affected

[
  {
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "status": "affected",
        "version": "11.4 prior to 11.4R13-S3"
      },
      {
        "status": "affected",
        "version": "12.1X44 prior to 12.1X44-D60"
      },
      {
        "status": "affected",
        "version": "12.1X46 prior to 12.1X46-D40"
      },
      {
        "status": "affected",
        "version": "12.1X47 prior to 12.1X47-D30"
      },
      {
        "status": "affected",
        "version": "12.3 prior to 12.3R11"
      },
      {
        "status": "affected",
        "version": "12.3X48 prior to 12.3X48-D20"
      },
      {
        "status": "affected",
        "version": "13.2X51 prior to 13.2X51-D39, 13.2X51-D40"
      },
      {
        "status": "affected",
        "version": "13.3 prior to 13.3R9"
      },
      {
        "status": "affected",
        "version": "14.1 prior to 14.1R6"
      },
      {
        "status": "affected",
        "version": "14.2 prior to 14.2R6"
      },
      {
        "status": "affected",
        "version": "15.1 prior to 15.1R3"
      },
      {
        "status": "affected",
        "version": "15.1X49 prior to 15.1X49-D20"
      },
      {
        "status": "affected",
        "version": "15.1X53 prior to 15.1X53-D57"
      }
    ]
  }
]

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

47.8%

Related for CVE-2016-4923