Products Affected: SmartPass WLAN Security Management Risk Assessment: CVSSv2 Base Score 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) Risk Level: Medium CVE:CVE-2013-3498
Problem or Goal:
SmartPass WLAN security management application is vulnerable to a cross site scripting (XSS) vulnerability. This can allow remote attackers to obtain sensitive information from users of SmartPass and possibly get access to SmartPass.
Juniper Networks Acknowledges with thanks Ross Bushby of KRYPSYS for reporting the issue.
This vulnerability is fixed in:
SmartPass 8.0 MR2 or later
SmartPass 7.7 MR3 or later
Workarounds: There are no known workarounds that can mitigate XSS issue listed in this bulletin.