Knowledge Center Search


 

2013-05: Security Bulletin: SmartPass WLAN Security Management: CVE-2013-3498 XSS Vulnerability

  [KB27375] Show KB Properties

  [KB27375] Hide KB Properties

Categories:
Knowledge Base ID: KB27375
Last Updated: 08 May 2013
Version: 1.0

Summary:
Products Affected: SmartPass WLAN Security Management
Risk Assessment: CVSSv2 Base Score 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Risk Level: Medium
CVE: CVE-2013-3498

Problem or Goal:

SmartPass WLAN security management application is vulnerable to a cross site scripting (XSS) vulnerability. This can allow remote attackers to obtain sensitive information from users of SmartPass and possibly get access to SmartPass.

Juniper Networks Acknowledges with thanks Ross Bushby of KRYPSYS for reporting the issue.

Cause:
 

Solution:

This vulnerability is fixed in:

  • SmartPass 8.0 MR2 or later
  • SmartPass 7.7 MR3 or later

Workarounds:
There are no known workarounds that can mitigate XSS issue listed in this bulletin.

Purpose:
Defect

Related Links:

 

 

ASK THE KB

Question or KB ID:


 


 

 
Copyright© 1999-2012 Juniper Networks, Inc. All rights reserved.