
Cross-Site Scripting (XSS) in the JUNOS web management console allows unauthorized access.

Article ID: JSA10406 SECURITY_ADVISORIES Last Updated: 09 May 2013 Version: 1.0
Legacy Advisory Id:
PSN-2009-04-326
Product Affected:
All JUNOS platforms running the J-Web management module.
Problem:
A cross-site scripting (XSS) vulnerability has been found in the JUNOS web management console. Any JUNOS router using the J-Web management module is potentially impacted, but the issue affects only a narrow range of JUNOS versions.
Solution:
Upgrade to JUNOS 8.5 Service Release 20081017, 9.0R4.1, or 9.1 or higher.
  • The problem was introduced in JUNOS 8.5. No images before 8.5 are vulnerable.
  • JUNOS 9.1 and higher do not have this issue. The web code was replaced, updated, and tested, and has been validated as not vulnerable.
 Acknowledgement: This issue was externally found by Ezhilan Panneerselvam, reported to Juniper's SIRT Team, and managed under responsible disclosure guidelines.


 Disclaimer: Juniper Networks is providing this notice on an "AS IS" basis. No warranty or guarantee of any kind is expressed in this notice and none should be implied. Juniper Networks expressly excludes and disclaims any warranties regarding this notice or materials referred to in this notice, including, without limitation, any implied warranty of merchantability, fitness for a particular purpose, absence of hidden defects, or of noninfringement. Your use or reliance on this notice or materials referred to in this notice is at your own risk. Juniper Networks may change this notice at any time.
Severity Level:
Medium
Severity Assessment:
Potential risk: the XSS could grant access to a password-protected area of the web management console.
