CVE-2018-0059 ScreenOS: Stored Cross-Site Scripting (XSS) vulnerability

A persistent cross-site scripting vulnerability in the graphical user interface of ScreenOS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform...

CVE-2018-0059

CVE-2018-0059 concerns a stored cross-site scripting vulnerability in Juniper ScreenOS (GUI). The issue is triggered by an authenticated remote user who can inject Web/script content, potentially stealing data and credentials from a web administration session and tricking another admin into unint...

Design/Logic Flaw

On SRX Series devices during compilation of IDP policies, an attacker sending specially crafted packets may be able to bypass firewall rules, leading to information disclosure which an attacker may use to gain control of the target device or other internal devices, systems or services protected b...

CVE-2018-0018

On SRX Series devices during compilation of IDP policies, an attacker sending specially crafted packets may be able to bypass firewall rules, leading to information disclosure which an attacker may use to gain control of the target device or other internal devices, systems or services protected b...

CVE-2018-0018

The CVE affects SRX Series devices running Junos OS where IDP policies are compiled. A crafted packet may bypass firewall rules during IDP policy compilation, causing information disclosure and potential control of the target or protected devices. Affected Junos OS releases are 12.1X46 before D60...

Juniper Gather Device General Information

This module collects a Juniper ScreenOS and JunOS device information and configuration...

Juniper ScreenOS < 6.3.0r25 Etherleak Vulnerability (JSA10841)

The version of Juniper ScreenOS running on the remote host is 6.3.x prior to 6.3.0r25. It is, therefore, affected by a flaw that may allow a remote attacker on the same network segment to gain access to fragments of system memory or data from previously submitted packets. Note that Nessus has not...

Juniper ScreenOS Information Disclosure Vulnerability (CNVD-2018-04211)

Juniper ScreenOS is a Juniper Networks operating system that runs in the NetScreen family of firewalls. A security vulnerability exists in Juniper ScreenOS version 6.3.0r25, which arises from the program's failure to zero-pad Ethernet packets. An attacker could exploit the vulnerability to obtain...

Juniper Networks Releases Security Updates

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the following Juniper Security Advisori...

CVE-2018-0014

Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is often detected as CVE-2003-0001. The issue affects all versions of Juniper Networks ScreenOS prior to 6.3.0r25...

CVE-2018-0014

Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is often detected as CVE-2003-0001. The issue affects all versions of Juniper Networks ScreenOS prior to 6.3.0r25...

Design/Logic Flaw

Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is often detected as CVE-2003-0001. The issue affects all versions of Juniper Networks ScreenOS prior to 6.3.0r25...

CVE-2018-0014

Summary: CVE-2018-0014 is an Etherleak-related information disclosure in Juniper ScreenOS. Affected products/versions: Juniper ScreenOS prior to 6.3.0r25 (all versions affected before the fixed release). Root cause: Ethernet frames are not padded with zeros, causing fragments of system memory or ...

CVE-2018-0014 ScreenOS: Etherleak vulnerability found on ScreenOS device

Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is often detected as CVE-2003-0001. The issue affects all versions of Juniper Networks ScreenOS prior to 6.3.0r25...

Juniper ScreenOS 6.3 SSG-5 and SSG-20 (KRACK)

The version of Juniper ScreenOS installed on the remote host is affected by multiple vulnerabilities related to the KRACK attacks. This may allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network. Note that Juniper's products do not support Fast BSS Transition...

Juniper ScreenOS 6.3.x < 6.3.0r24 SSL Death Alert (JSA10808)

The version of Juniper ScreenOS running on the remote host is 6.3.x prior to 6.3.0r24. It is, therefore, affected by a vulnerability in the way the TLS/SSL protocol specifies processing of ALERT packets during a connection handshake. Note that Nessus has not tested for these issues but has instea...

Multiple cross-site scripting vulnerabilities in ScreenOS

Overview ScreenOS provided by Juniper Networks contains multiple cross-site scripting vulnerabilities. Toshitsugu Yoneyama and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

JVN#74247807: Multiple cross-site scripting vulnerabilities in ScreenOS

ScreenOS provided by Juniper Networks contains multiple cross-site scripting vulnerabilities. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products...

Juniper SSG Series device ScreenOS cross-site scripting vulnerability (CNVD-2017-23955)

The Juniper SSG Series is a family of firewall appliances from Juniper Networks.ScreenOS is one of the operating systems. A cross-site scripting vulnerability exists in Firewall+VPN in ScreenOS on Juniper SSG Series devices. A remote attacker can exploit this vulnerability to inject HTML/JavaScri...

Juniper SSG Series device ScreenOS cross-site scripting vulnerability (CNVD-2017-23958)

The Juniper SSG Series is a family of firewall appliances from Juniper Networks.ScreenOS is one of the operating systems. A cross-site scripting vulnerability exists in Firewall+VPN in ScreenOS on Juniper SSG Series devices. A remote attacker can exploit this vulnerability to inject HTML/JavaScri...