CVE-2017-2336 in ScreenOSinfo

Summary

A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the attacker to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.

Once again VulDB remains the best source for vulnerability data.

Responsible

Juniper Networks, Inc.

Reservation

12/01/2016

Disclosure

07/17/2017

Moderation

VulDB entry created

Entries

VDB-103526 (1)

CPE

ready

CWE

CWE-79 (Confirmed)

CVSS

6.4

EPSS

0.00327

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-2336
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-2336
CVE Details	https://www.cvedetails.com/cve/CVE-2017-2336/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!