CVE-2020-1607 Junos OS: Cross-Site Scripting (XSS) in J-Web

🗓️ 15 Jan 2020 08:40:37Reported by juniperType

CVE-2020-1607 Junos OS: Cross-Site Scripting (XSS) in J-Web. Remote attacker can inject web script or HTML, hijack J-Web session and perform admin actions. Affects multiple Junos OS versions

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability in the J-Web web interface of the JunOS operating system allows attackers to execute cross-site scripting (XSS) attacks.	20 Mar 202000:00	–	bdu_fstec
CNVD	Juniper Networks Junos OS Cross-Site Scripting Vulnerability (CNVD-2020-03713)	10 Jan 202000:00	–	cnvd
CVE	CVE-2020-1607	15 Jan 202008:40	–	cve
EUVD	EUVD-2020-12477	7 Oct 202500:30	–	euvd
Tenable Nessus	Juniper JSA10979	25 Feb 202000:00	–	nessus
Tenable Nessus	Junos OS: Cross-Site Scripting (XSS) in J-Web (JSA10986)	17 Jan 202000:00	–	nessus
Japan Vulnerability Notes	JVN#21753370: Junos OS vulnerable to cross-site scripting	10 Jan 202000:00	–	jvn
Japan Vulnerability Notes	Junos OS vulnerable to cross-site scripting	10 Jan 202005:48	–	jvn
NVD	CVE-2020-1607	15 Jan 202009:15	–	nvd
Prion	Cross site scripting	15 Jan 202009:15	–	prion

[
  {
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "status": "affected",
        "version": "17.2R2"
      },
      {
        "lessThan": "12.3R12-S15",
        "status": "affected",
        "version": "12.3",
        "versionType": "custom"
      },
      {
        "lessThan": "15.1F6-S13",
        "status": "affected",
        "version": "15.1F6",
        "versionType": "custom"
      },
      {
        "lessThan": "15.1R7-S5",
        "status": "affected",
        "version": "15.1",
        "versionType": "custom"
      },
      {
        "lessThan": "16.1R4-S13, 16.1R7-S5",
        "status": "affected",
        "version": "16.1",
        "versionType": "custom"
      },
      {
        "lessThan": "16.2R2-S10",
        "status": "affected",
        "version": "16.2",
        "versionType": "custom"
      },
      {
        "lessThan": "17.1R2-S11, 17.1R3-S1",
        "status": "affected",
        "version": "17.1",
        "versionType": "custom"
      },
      {
        "lessThan": "17.2R1-S9, 17.2R3-S2",
        "status": "affected",
        "version": "17.2",
        "versionType": "custom"
      },
      {
        "lessThan": "17.3R2-S5, 17.3R3-S5",
        "status": "affected",
        "version": "17.3",
        "versionType": "custom"
      },
      {
        "lessThan": "17.4R2-S6, 17.4R3",
        "status": "affected",
        "version": "17.4",
        "versionType": "custom"
      },
      {
        "lessThan": "18.1R3-S7",
        "status": "affected",
        "version": "18.1",
        "versionType": "custom"
      },
      {
        "lessThan": "18.2R2-S5, 18.2R3",
        "status": "affected",
        "version": "18.2",
        "versionType": "custom"
      },
      {
        "lessThan": "18.3R1-S6, 18.3R2-S1, 18.3R3",
        "status": "affected",
        "version": "18.3",
        "versionType": "custom"
      },
      {
        "lessThan": "18.4R1-S5, 18.4R2",
        "status": "affected",
        "version": "18.4",
        "versionType": "custom"
      },
      {
        "lessThan": "19.1R1-S2, 19.1R2",
        "status": "affected",
        "version": "19.1",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "SRX Series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "12.3X48-D86, 12.3X48-D90",
        "status": "affected",
        "version": "12.3X48",
        "versionType": "custom"
      },
      {
        "lessThan": "15.1X49-D181, 15.1X49-D190",
        "status": "affected",
        "version": "15.1X49",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "EX and QFX Series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "14.1X53-D51",
        "status": "affected",
        "version": "14.1X53",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "QFX5200/QFX5110 Series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "15.1X53-D238",
        "status": "affected",
        "version": "15.1X53",
        "versionType": "custom"
      }
    ]
  },
  {
    "platforms": [
      "EX2300/EX3400 Series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "15.1X53-D592",
        "status": "affected",
        "version": "15.1X53",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
kb	www.kb.juniper.net/JSA10986

15 Jan 2020 08:40Current

7High risk

Vulners AI Score7

CVSS 3.17.5

EPSS0.00336

CWE-79