Lucene search

JuniperCVELIST:CVE-2018-0047

HistoryOct 10, 2018 - 6:00 p.m.

CVE-2018-0047 Junos Space Security Director: XSS vulnerability in web administration

2018-10-1018:00:00

juniper

www.cve.org

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

20.3%

JSON

A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. This issue affects all versions of Juniper Networks Junos Space Security Director prior to 17.2R2.

CNA Affected

[
  {
    "product": "Junos Space Security Director",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThanOrEqual": "17.2R2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.securitytracker.com/id/1041863

kb.juniper.net/JSA10881

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

20.3%

JSON

Related for CVELIST:CVE-2018-0047