Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.JUNIPER_JSA10986.NASL
HistoryJan 17, 2020 - 12:00 a.m.

Junos OS: Cross-Site Scripting (XSS) in J-Web (JSA10986)

2020-01-1700:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

45.3%

JSON

According to its self-reported version number, the remote Juniper Junos device is affected by a cross-site scripting (XSS) vulnerability in J-Web due to insufficient XSS protection. An unauthenticated, remote attacker can exploit this, via injecting web script or HTML to hijack the target user’s J-Web session and perform administrative actions on the on the Junos device as the targeted user.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#TRUSTED a83bbc12fba3722e914ad97d04e29e2ca805dace0b2eb2e45efb3a77d615c42e06ac6f87ee26396710729acde21b079d4143822b25f5e6c1a949dd12e7666f5a8676d12706ec2e924e46e52604fde23ff5b70ffd8cce48e0156c2148980755e79776b69cf17dc3710c377b769c05c178e460adf2c63e01026a5aae16fb28d16a898fc7f47e6169fa3aa3c1a6abcf4d85d16f1297474176b5a2427c4f93b6b69a8bb60e0f0bae97e02ae8d995996b99da6d2fb2c83c5c6636048e217207eaba9030c531fab02e090488cd7f24c8ba2bf8a18c8091e8f066d499e23fdc2eb024e2a0b82428dca9539f87539337c75b64cda62d49953c5671f4df5cd5e90412acb7fd1d11e7f71b5eaf0d9ee911866136850d75898dd1476ceb95e03bc0b33b85fcc0e50678358d9673c14d6e2003f26ab2c41673101cab2555320d0d9d1ac6184b016ff1162661bc985136a59c308cea8f6af5d6f14fb6dde4250bad8ce1dda07f93354656215088e81b085370d3d83a25bd4dde4e8eb7e59e18aad18a86b9e4f2080157a46039cc3f01a9ac7c8016d45cf544b4202446bc3385ab251ef679946095e132f7e2cf2546416c5bb91259cef51668d275d7715edf2e72faf11dffd97b46f0a29b7b9f2a6df313df360c8efae33e4f86eca693c600b0dda9cf26ebd7d3869c39a7c9cd6467f19d9a0c127b8dfc4ba9040146d1ca6334191561fcf37a52
#TRUST-RSA-SHA256 5f3c1022723abd92daf3db9da316178e323635ce6532308307ac3d09921e692973372562f2928e6dd75645822fcd2a910ec8715a46f24499d9812327bb5504c3467d55b87a4ef7ccbaded3785b2c100ad94416dd90976333f012d84773d8f2c3f27abb42426e572111b81527ccef8b393126148d5aae7263c3dde87bd9dce2b0dcbd2f84f58efc48da07335a33286f0bf47e8be9149af8cad4571e18e02d9794676a6d37b3c1b2e6bb3be3503520e691a18d503e6c8171f40492495c5d8eee61a146f7ee1e096665a28a5e062ea440de708755ea517139f8a8d17885dbdc4f81b933514195eed506c934e253209bff445715bcdb33b9c143ed6c176a2ca218bc7918b32006edb1b9f8f446a1445b4d66b201eec03cd4fe764cc650be514807aed030ea16337278314223c5f2a6514d52f18d73b1677bb06077c33de19529c060a8213203e0153d9e55f035171cad6c59c47fd958df720a056f10e3f03a94de048e6945e8238300df0680d096492b462014b03ae889101f8d3974258a3943d7c29e4db5459afdd93b7823436e189fb36de39f66cb2e3aa74710f883bf1ee971b324fe1df111e4b5446d3a9017639d0be51910f7d9140a8167fbedb1ede8169afdfbae4c0a5f052554b9fd3130aa77b032969a44c478d2bd1853a344f4f03deb3844531cc6551ca5bfc509f6589651abd21fe9c0ea7158d98170e1e49c4830e175
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(133051);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/29");

  script_cve_id("CVE-2020-1607");
  script_xref(name:"JSA", value:"JSA10986");
  script_xref(name:"IAVA", value:"2020-A-0012-S");

  script_name(english:"Junos OS: Cross-Site Scripting (XSS) in J-Web (JSA10986)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the remote Juniper Junos device is affected by a cross-site scripting
(XSS) vulnerability in J-Web due to insufficient XSS protection. An unauthenticated, remote attacker can exploit this,
via injecting web script or HTML to hijack the target user's J-Web session and perform administrative actions on the on
the Junos device as the targeted user. 

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10986
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?15e6942c");
  script_set_attribute(attribute:"solution", value:
"Apply the relevant Junos software release or workaround referenced in Juniper advisory JSA10986.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-1607");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/01/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/17");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Junos Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("junos_version.nasl");
  script_require_keys("Host/Juniper/JUNOS/Version");

  exit(0);
}

include('audit.inc');
include('junos.inc');
include('junos_kb_cmd_func.inc');
include('misc_func.inc');

ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');
model = get_kb_item_or_exit('Host/Juniper/model');
fixes = make_array();

fixes['12.3'] = '12.3R12-S15';
if (model =~ '^SRX') {
  fixes['12.3X48'] = '12.3X48-D86';
}
if (model =~ '^EX' || model =~ '^QFX') {
  fixes['14.1X53'] = '14.1X53-D51';
}
fixes['15.1F'] = '15.1F6-S13';
fixes['15.1'] = '15.1R7-S5';
if (model =~ '^SRX') {
  fixes['15.1X49'] = '15.1X49-D181';
}
if (model =~ '^QFX5200' || model =~ '^QFX5110') {
  fixes['15.1X53'] = '15.1X53-D238';
}
if (model =~ '^EX2300' || model =~ '^EX3400') {
  fixes['15.1X53'] = '15.1X53-D592';
}
fixes['16.1'] = '16.1R4-S13';
fixes['16.2'] = '16.2R2-S10';
fixes['17.1'] = '17.1R2-S11';
fixes['17.2'] = '17.2R1-S9';
fixes['17.3'] = '17.3R2-S5';
fixes['17.4'] = '17.4R2-S6';
fixes['18.1'] = '18.1R3-S7';
fixes['18.2'] = '18.2R2-S5';
fixes['18.3'] = '18.3R1-S6';
fixes['18.4'] = '18.4R1-S5';
fixes['19.1'] = '19.1R1-S2';

fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);

# If J-Web is not enabled, audit out.
override = TRUE;
buf = junos_command_kb_item(cmd:'show configuration | display set');
if (buf)
{
  override = FALSE;
  pattern = "^set system services web-management http(s)?";
  if (!junos_check_config(buf:buf, pattern:pattern))
    audit(AUDIT_HOST_NOT, 'vulnerable as J-Web is not enabled');
}
junos_report(model:model, ver:ver, fix:fix, override:override, severity:SECURITY_WARNING, xss:TRUE);
VendorProductVersionCPE
juniperjunoscpe:/o:juniper:junos

Related

cve 1
symantec 1
cvelist 1
prion 1
jvn 1
nvd 1
nessus 1
cve
cve
CVE-2020-1607
2020-01-15 09:15:12
symantec
symantec
Juniper Junos J-Web CVE-2020-1607 Cross Site Scripting Vulnerability
2020-01-08 00:00:00
cvelist
cvelist
CVE-2020-1607 Junos OS: Cross-Site Scripting (XSS) in J-Web
2020-01-08 00:00:00
prion
prion
Cross site scripting
2020-01-15 09:15:00
jvn
jvn
JVN#21753370: Junos OS vulnerable to cross-site scripting
2020-01-10 00:00:00
nvd
nvd
CVE-2020-1607
2020-01-15 09:15:12
nessus
nessus
Juniper JSA10979
2020-02-25 00:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

45.3%

JSON
Related for JUNIPER_JSA10986.NASL
cve1symantec1cvelist1prion1jvn1nvd1nessus1