Knowledge Search


×
 

2013-05: Security Bulletin: SmartPass WLAN Security Management: CVE-2013-3498 XSS Vulnerability

  [KB27375] Show Article Properties


Summary:
Products Affected: SmartPass WLAN Security Management
Risk Assessment: CVSSv2 Base Score 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Risk Level: Medium
CVE: CVE-2013-3498
Symptoms:

SmartPass WLAN security management application is vulnerable to a cross site scripting (XSS) vulnerability. This can allow remote attackers to obtain sensitive information from users of SmartPass and possibly get access to SmartPass.

Juniper Networks Acknowledges with thanks Ross Bushby of KRYPSYS for reporting the issue.

Cause:
 
Solution:

This vulnerability is fixed in:

  • SmartPass 8.0 MR2 or later
  • SmartPass 7.7 MR3 or later

Workarounds:
There are no known workarounds that can mitigate XSS issue listed in this bulletin.

Related Links: