CVE-2018-0047: Junos Space Security Director: XSS vulnerability in web administration
First published: Wed Oct 10 2018(Updated: )
A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. This issue affects all versions of Juniper Networks Junos Space Security Director prior to 17.2R2.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper Networks Junos Space | =13.3-r1 | |
| Juniper Networks Junos Space | =13.3-r2 | |
| Juniper Networks Junos Space | =14.1-r1 | |
| Juniper Networks Junos Space | =14.1-r2 | |
| Juniper Networks Junos Space | =14.1-r3 | |
| Juniper Networks Junos Space | =15.1-r1 | |
| Juniper Networks Junos Space | =15.1-r2 | |
| Juniper Networks Junos Space | =15.1-r3 | |
| Juniper Networks Junos Space | =15.1-r4 | |
| Juniper Networks Junos Space | =15.2-r1 | |
| Juniper Networks Junos Space | =15.2-r2 | |
| Juniper Networks Junos Space | =16.1-r1 | |
| Juniper Networks Junos Space | =16.1-r2 | |
| Juniper Networks Junos Space | =16.1-r3 | |
| Juniper Networks Junos Space | =17.1-r1 | |
| Juniper Networks Junos Space | =17.2-r1 |
Remedy
The following software releases have been updated to resolve this specific issue: Junos Space Security Director 17.2R2, and all subsequent releases.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2018-0047?
CVE-2018-0047 has a medium severity level due to its potential for persistent cross-site scripting in Junos Space Security Director.
How do I fix CVE-2018-0047?
To fix CVE-2018-0047, update your Junos Space Security Director to the latest patched version provided by Juniper Networks.
Which versions of Junos Space are affected by CVE-2018-0047?
CVE-2018-0047 affects numerous versions of Junos Space, including 13.3 through 17.2.
What type of vulnerability is CVE-2018-0047?
CVE-2018-0047 is categorized as a persistent cross-site scripting vulnerability.
Who can exploit CVE-2018-0047?
Authenticated users can exploit CVE-2018-0047 to inject malicious scripts into the Junos Space Security Director.
- agent/references
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/severity
- agent/author
- agent/title
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/juniper
- canonical/juniper networks junos space
- version/juniper networks junos space/13.3-r1
- version/juniper networks junos space/13.3-r2
- version/juniper networks junos space/14.1-r1
- version/juniper networks junos space/14.1-r2
- version/juniper networks junos space/14.1-r3
- version/juniper networks junos space/15.1-r1
- version/juniper networks junos space/15.1-r2
- version/juniper networks junos space/15.1-r3
- version/juniper networks junos space/15.1-r4
- version/juniper networks junos space/15.2-r1
- version/juniper networks junos space/15.2-r2
- version/juniper networks junos space/16.1-r1
- version/juniper networks junos space/16.1-r2
- version/juniper networks junos space/16.1-r3
- version/juniper networks junos space/17.1-r1
- version/juniper networks junos space/17.2-r1