CVE-2017-2339: ScreenOS: XSS vulnerability in ScreenOS Firewall
First published: Fri Jul 14 2017(Updated: )
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NetScreen ScreenOS | =6.3.0 | |
| NetScreen ScreenOS | =6.3.0-r1 | |
| NetScreen ScreenOS | =6.3.0-r10 | |
| NetScreen ScreenOS | =6.3.0-r11 | |
| NetScreen ScreenOS | =6.3.0-r12 | |
| NetScreen ScreenOS | =6.3.0-r13 | |
| NetScreen ScreenOS | =6.3.0-r14 | |
| NetScreen ScreenOS | =6.3.0-r15 | |
| NetScreen ScreenOS | =6.3.0-r16 | |
| NetScreen ScreenOS | =6.3.0-r17 | |
| NetScreen ScreenOS | =6.3.0-r18 | |
| NetScreen ScreenOS | =6.3.0-r19 | |
| NetScreen ScreenOS | =6.3.0-r2 | |
| NetScreen ScreenOS | =6.3.0-r21 | |
| NetScreen ScreenOS | =6.3.0-r22 | |
| NetScreen ScreenOS | =6.3.0-r23 | |
| NetScreen ScreenOS | =6.3.0-r23b | |
| NetScreen ScreenOS | =6.3.0-r3 | |
| NetScreen ScreenOS | =6.3.0-r4 | |
| NetScreen ScreenOS | =6.3.0-r5 | |
| NetScreen ScreenOS | =6.3.0-r6 | |
| NetScreen ScreenOS | =6.3.0-r7 | |
| NetScreen ScreenOS | =6.3.0-r8 | |
| NetScreen ScreenOS | =6.3.0-r9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-2339?
CVE-2017-2339 has been rated as a high-severity vulnerability due to its potential to allow persistent cross-site scripting attacks.
How do I fix CVE-2017-2339?
To fix CVE-2017-2339, it is recommended to upgrade to a patched version of Juniper ScreenOS as specified in vendor advisories.
Who is affected by CVE-2017-2339?
CVE-2017-2339 affects users with the 'security' role in the Juniper NetScreen Firewall+VPN running ScreenOS version 6.3.0 and various release iterations.
What type of vulnerability is CVE-2017-2339?
CVE-2017-2339 is categorized as a persistent cross-site scripting (XSS) vulnerability.
What happens if CVE-2017-2339 is exploited?
Exploitation of CVE-2017-2339 could allow an attacker to inject HTML/JavaScript content into the management sessions of other users, including administrators.
- agent/type
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/title
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/juniper
- canonical/netscreen screenos
- version/netscreen screenos/6.3.0
- version/netscreen screenos/6.3.0-r1
- version/netscreen screenos/6.3.0-r10
- version/netscreen screenos/6.3.0-r11
- version/netscreen screenos/6.3.0-r12
- version/netscreen screenos/6.3.0-r13
- version/netscreen screenos/6.3.0-r14
- version/netscreen screenos/6.3.0-r15
- version/netscreen screenos/6.3.0-r16
- version/netscreen screenos/6.3.0-r17
- version/netscreen screenos/6.3.0-r18
- version/netscreen screenos/6.3.0-r19
- version/netscreen screenos/6.3.0-r2
- version/netscreen screenos/6.3.0-r21
- version/netscreen screenos/6.3.0-r22
- version/netscreen screenos/6.3.0-r23
- version/netscreen screenos/6.3.0-r23b
- version/netscreen screenos/6.3.0-r3
- version/netscreen screenos/6.3.0-r4
- version/netscreen screenos/6.3.0-r5
- version/netscreen screenos/6.3.0-r6
- version/netscreen screenos/6.3.0-r7
- version/netscreen screenos/6.3.0-r8
- version/netscreen screenos/6.3.0-r9