CVE-2017-2337

CVE-2017-2337 concerns a persistent XSS flaw in Juniper Networks ScreenOS, affecting the NetScreen/WebUI of SSG Series devices. The issue allows a user with the 'security' role to inject HTML/JavaScript into another user’s management session, including administrators, effectively enabling command...

CVE-2017-2339

The CVE-2017-2339 issue concerns a persistent cross-site scripting (XSS) vulnerability in Juniper Networks ScreenOS, specifically within the NetScreen WebUI of the ScreenOS-based NetScreen Firewall+VPN. The vulnerability allows a user with the security role to inject HTML/JavaScript into other us...

CVE-2017-2336 ScreenOS: XSS vulnerability in ScreenOS Firewall

A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the attacker...

CVE-2017-2338

CVE-2017-2338 describes a persistent cross-site scripting (XSS) vulnerability in Juniper Networks ScreenOS WebUI used by NetScreen Firewall+VPN. A user with the security role can inject HTML/JavaScript into other users’ management sessions, potentially granting the attacker the ability to execute...

CVE-2017-2339 ScreenOS: XSS vulnerability in ScreenOS Firewall

A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the...

CVE-2017-2335 ScreenOS: XSS vulnerability in ScreenOS Firewall

A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the...

Juniper ScreenOS Multiple XSS Vulnerabilities

ScreenOS is prone to multiple XSS vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:juniper:screenos"; if...

Juniper Networks Releases Multiple Security Updates

Juniper Networks has released security updates to address multiple vulnerabilities in Junos OS and ScreenOS. A remote attacker could exploit several of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Juniper Security Advisorie...

Juniper ScreenOS 6.3.x < 6.3.0r23 Multiple Vulnerabilities in OpenSSL (JSA10759) (DROWN)

The version of Juniper ScreenOS running on the remote host is 6.3.x prior to 6.3.0r23. It is, therefore, affected by multiple vulnerabilities in its bundled version of OpenSSL : - A flaw exists in the SSLv2 implementation, specifically in the getclientmasterkey function within file s2srvr.c, due ...

ScreenOS OpenSSL Security Updates

The OpenSSL project has published a set of security advisories for vulnerabilities resolved in the OpenSSL library in December 2015, March, May, June, August and September 2016. ScreenOS is potentially affected by many of these issues. SPDX-FileCopyrightText: 2016 Greenbone AG Some text...

Juniper ScreenOS 6.3.x < 6.3.0r22 Multiple Vulnerabilities in OpenSSL (JSA10733)

The version of Juniper ScreenOS running on the remote host is 6.3.x prior to 6.3.0r22. It is, therefore, affected by multiple vulnerabilities in its bundled version of OpenSSL : - A denial of service vulnerability exists due to improper validation of the content and length of the ASN1TIME string ...

Juniper ScreenOS 6.3.x < 6.3.0r4 Firewall Private Address Information Disclosure

The version of Juniper ScreenOS running on the remote host is 6.3.x prior to 6.3.0r4. It is, therefore, affected by an information disclosure vulnerability that allows an unauthenticated, remote attacker to gain access to the private address of the firewall. Note that Nessus has not tested for th...

The vulnerability of the ScreenOS operating system, which allows a hacker to trigger a service failure

The vulnerability of the ScreenOS operating system’s administrative web service interface exists due to insufficient verification of input data. Exploiting this vulnerability allows a malicious actor, operating remotely, to cause service failures by using specially crafted SSL packets...

Juniper ScreenOS 6.3.x < 6.3.0r21 Malformed SSL/TLS Packet DoS (JSA10732)

The remote host is running a version of Juniper ScreenOS that is 6.3.x prior to 6.3.0r21. It is, therefore, affected by a denial of service vulnerability in the administrative web services that is triggered when handling malformed SSL/TLS packets. An unauthenticated, remote attacker can exploit...

Juniper Networks ScreenOS Security Bypass Vulnerability

The Juniper Networks QFX5100 and QFX10002 are switch products from Juniper Networks, Inc. A security vulnerability exists in the Juniper Networks ScreenOS that allows remote attackers to exploit the vulnerability to gain administrator privileges on the system and conduct denial of service attacks...

CVE-2016-1268

The administrative web services interface in Juniper ScreenOS before 6.3.0r21 allows remote attackers to cause a denial of service reboot via a crafted SSL packet...

CVE-2016-1268

The administrative web services interface in Juniper ScreenOS before 6.3.0r21 allows remote attackers to cause a denial of service reboot via a crafted SSL packet...

Input validation

The administrative web services interface in Juniper ScreenOS before 6.3.0r21 allows remote attackers to cause a denial of service reboot via a crafted SSL packet...

CVE-2016-1268

The CVE refers to Juniper ScreenOS, affected in versions before 6.3.0r21, where the administrative web services interface is vulnerable to a denial-of-service via a crafted SSL/TLS packet. The issue can cause a reboot or loss of administrative access and is exploitable remotely without authentica...

CVE-2016-1268

The administrative web services interface in Juniper ScreenOS before 6.3.0r21 allows remote attackers to cause a denial of service reboot via a crafted SSL packet...