CVE-2017-2335: ScreenOS: XSS vulnerability in ScreenOS Firewall
First published: Wed Jul 12 2017(Updated: )
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NetScreen ScreenOS | =6.3.0 | |
| NetScreen ScreenOS | =6.3.0-r1 | |
| NetScreen ScreenOS | =6.3.0-r10 | |
| NetScreen ScreenOS | =6.3.0-r11 | |
| NetScreen ScreenOS | =6.3.0-r12 | |
| NetScreen ScreenOS | =6.3.0-r13 | |
| NetScreen ScreenOS | =6.3.0-r14 | |
| NetScreen ScreenOS | =6.3.0-r15 | |
| NetScreen ScreenOS | =6.3.0-r16 | |
| NetScreen ScreenOS | =6.3.0-r17 | |
| NetScreen ScreenOS | =6.3.0-r18 | |
| NetScreen ScreenOS | =6.3.0-r19 | |
| NetScreen ScreenOS | =6.3.0-r2 | |
| NetScreen ScreenOS | =6.3.0-r21 | |
| NetScreen ScreenOS | =6.3.0-r22 | |
| NetScreen ScreenOS | =6.3.0-r23 | |
| NetScreen ScreenOS | =6.3.0-r23b | |
| NetScreen ScreenOS | =6.3.0-r3 | |
| NetScreen ScreenOS | =6.3.0-r4 | |
| NetScreen ScreenOS | =6.3.0-r5 | |
| NetScreen ScreenOS | =6.3.0-r6 | |
| NetScreen ScreenOS | =6.3.0-r7 | |
| NetScreen ScreenOS | =6.3.0-r8 | |
| NetScreen ScreenOS | =6.3.0-r9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-2335?
CVE-2017-2335 is classified as a high severity vulnerability due to its potential for persistent cross-site scripting attacks.
How do I fix CVE-2017-2335?
To fix CVE-2017-2335, update your Juniper ScreenOS to a version that includes the security patch addressing this vulnerability.
Which versions of ScreenOS are affected by CVE-2017-2335?
CVE-2017-2335 affects multiple versions of Juniper ScreenOS, specifically version 6.3.0 and its revisions.
What type of vulnerability is CVE-2017-2335?
CVE-2017-2335 is a persistent cross-site scripting (XSS) vulnerability that allows unauthorized script injection.
Who can exploit CVE-2017-2335?
CVE-2017-2335 can be exploited by users with the 'security' role within the NetScreen WebUI environment.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/references
- agent/author
- agent/title
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/juniper
- canonical/netscreen screenos
- version/netscreen screenos/6.3.0
- version/netscreen screenos/6.3.0-r1
- version/netscreen screenos/6.3.0-r10
- version/netscreen screenos/6.3.0-r11
- version/netscreen screenos/6.3.0-r12
- version/netscreen screenos/6.3.0-r13
- version/netscreen screenos/6.3.0-r14
- version/netscreen screenos/6.3.0-r15
- version/netscreen screenos/6.3.0-r16
- version/netscreen screenos/6.3.0-r17
- version/netscreen screenos/6.3.0-r18
- version/netscreen screenos/6.3.0-r19
- version/netscreen screenos/6.3.0-r2
- version/netscreen screenos/6.3.0-r21
- version/netscreen screenos/6.3.0-r22
- version/netscreen screenos/6.3.0-r23
- version/netscreen screenos/6.3.0-r23b
- version/netscreen screenos/6.3.0-r3
- version/netscreen screenos/6.3.0-r4
- version/netscreen screenos/6.3.0-r5
- version/netscreen screenos/6.3.0-r6
- version/netscreen screenos/6.3.0-r7
- version/netscreen screenos/6.3.0-r8
- version/netscreen screenos/6.3.0-r9