CVE-2017-2339 in ScreenOSinfo

Summary

A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Responsible

Juniper Networks, Inc.

Reservation

12/01/2016

Disclosure

07/17/2017

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-79 (Confirmed)

CVSS

6.1

EPSS

0.00208

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-2339
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-2339
CVE Details	https://www.cvedetails.com/cve/CVE-2017-2339/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!