high
7.5
CWE
79
Advisory Published
Updated

CVE-2020-1607: Junos OS: Cross-Site Scripting (XSS) in J-Web

First published: Wed Jan 15 2020(Updated: )

Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user. This issue affects Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D86, 12.3X48-D90 on SRX Series; 14.1X53 versions prior to 14.1X53-D51 on EX and QFX Series; 15.1F6 versions prior to 15.1F6-S13; 15.1 versions prior to 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D181, 15.1X49-D190 on SRX Series; 15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D592 on EX2300/EX3400 Series; 16.1 versions prior to 16.1R4-S13, 16.1R7-S5; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R3-S2; 17.3 versions prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R2-S5, 18.2R3; 18.3 versions prior to 18.3R1-S6, 18.3R2-S1, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2; 19.1 versions prior to 19.1R1-S2, 19.1R2.

Credit: sirt@juniper.net

Affected SoftwareAffected VersionHow to fix
Junos OS Evolved=12.3
Junos OS Evolved=12.3-r1
Junos OS Evolved=12.3-r11
Junos OS Evolved=12.3-r12
Junos OS Evolved=12.3-r12-s1
Junos OS Evolved=12.3-r12-s10
Junos OS Evolved=12.3-r12-s11
Junos OS Evolved=12.3-r12-s12
Junos OS Evolved=12.3-r12-s13
Junos OS Evolved=12.3-r12-s14
Junos OS Evolved=12.3-r12-s3
Junos OS Evolved=12.3-r12-s4
Junos OS Evolved=12.3-r12-s6
Junos OS Evolved=12.3-r13
Junos OS Evolved=12.3-r2
Junos OS Evolved=12.3-r3
Junos OS Evolved=12.3-r4
Junos OS Evolved=12.3-r5
Junos OS Evolved=12.3-r6
Junos OS Evolved=12.3-r7
Junos OS Evolved=12.3-r8
Junos OS Evolved=12.3-r9
Junos OS Evolved=15.1-f6
Junos OS Evolved=15.1-f6-s1
Junos OS Evolved=15.1-f6-s12
Junos OS Evolved=15.1-f6-s3
Junos OS Evolved=15.1-r1
Junos OS Evolved=15.1-r2
Junos OS Evolved=15.1-r3
Junos OS Evolved=15.1-r4
Junos OS Evolved=15.1-r4-s9
Junos OS Evolved=15.1-r5
Junos OS Evolved=15.1-r6
Junos OS Evolved=15.1-r6-s6
Junos OS Evolved=15.1-r7-s1
Junos OS Evolved=15.1-r7-s2
Junos OS Evolved=15.1-r7-s3
Junos OS Evolved=15.1-r7-s4
Junos OS Evolved=16.1
Junos OS Evolved=16.1-r1
Junos OS Evolved=16.1-r2
Junos OS Evolved=16.1-r3
Junos OS Evolved=16.1-r3-s10
Junos OS Evolved=16.1-r4
Junos OS Evolved=16.1-r4-s12
Junos OS Evolved=16.1-r4-s2
Junos OS Evolved=16.1-r4-s3
Junos OS Evolved=16.1-r4-s6
Junos OS Evolved=16.1-r4-s9
Junos OS Evolved=16.1-r5-s4
Junos OS Evolved=16.1-r6-s1
Junos OS Evolved=16.1-r7
Junos OS Evolved=16.1-r7-s2
Junos OS Evolved=16.1-r7-s3
Junos OS Evolved=16.1-r7-s4
Junos OS Evolved=16.2
Junos OS Evolved=16.2-r1
Junos OS Evolved=16.2-r2
Junos OS Evolved=16.2-r2-s1
Junos OS Evolved=16.2-r2-s2
Junos OS Evolved=16.2-r2-s5
Junos OS Evolved=16.2-r2-s6
Junos OS Evolved=16.2-r2-s7
Junos OS Evolved=16.2-r2-s8
Junos OS Evolved=16.2-r2-s9
Junos OS Evolved=17.1
Junos OS Evolved=17.1-r1
Junos OS Evolved=17.1-r2-s1
Junos OS Evolved=17.1-r2-s10
Junos OS Evolved=17.1-r2-s2
Junos OS Evolved=17.1-r2-s3
Junos OS Evolved=17.1-r2-s4
Junos OS Evolved=17.1-r2-s5
Junos OS Evolved=17.1-r2-s6
Junos OS Evolved=17.1-r2-s7
Junos OS Evolved=17.1-r3
Junos OS Evolved=17.2
Junos OS Evolved=17.2-r1-s2
Junos OS Evolved=17.2-r1-s4
Junos OS Evolved=17.2-r1-s7
Junos OS Evolved=17.2-r1-s8
Junos OS Evolved=17.2-r2-s6
Junos OS Evolved=17.2-r2-s7
Junos OS Evolved=17.3
Junos OS Evolved=17.3-r1-s1
Junos OS Evolved=17.3-r2
Junos OS Evolved=17.3-r2-s1
Junos OS Evolved=17.3-r2-s2
Junos OS Evolved=17.3-r2-s4
Junos OS Evolved=17.3-r3-s1
Junos OS Evolved=17.3-r3-s2
Junos OS Evolved=17.3-r3-s3
Junos OS Evolved=17.3-r3-s4
Junos OS Evolved=17.4
Junos OS Evolved=17.4-r1
Junos OS Evolved=17.4-r1-s1
Junos OS Evolved=17.4-r1-s2
Junos OS Evolved=17.4-r1-s4
Junos OS Evolved=17.4-r1-s6
Junos OS Evolved=17.4-r1-s7
Junos OS Evolved=17.4-r2
Junos OS Evolved=17.4-r2-s1
Junos OS Evolved=17.4-r2-s3
Junos OS Evolved=17.4-r2-s4
Junos OS Evolved=17.4-r2-s5
Junos OS Evolved=18.1
Junos OS Evolved=18.1-r2
Junos OS Evolved=18.1-r2-s1
Junos OS Evolved=18.1-r2-s2
Junos OS Evolved=18.1-r2-s4
Junos OS Evolved=18.1-r3
Junos OS Evolved=18.1-r3-s1
Junos OS Evolved=18.1-r3-s2
Junos OS Evolved=18.1-r3-s3
Junos OS Evolved=18.1-r3-s4
Junos OS Evolved=18.1-r3-s5
Junos OS Evolved=18.1-r3-s6
Junos OS Evolved=18.2
Junos OS Evolved=18.2-r1-s5
Junos OS Evolved=18.2-r2-s1
Junos OS Evolved=18.2-r2-s2
Junos OS Evolved=18.2-r2-s3
Junos OS Evolved=18.2-r2-s4
Junos OS Evolved=18.3
Junos OS Evolved=18.3-r1
Junos OS Evolved=18.3-r1-s1
Junos OS Evolved=18.3-r1-s2
Junos OS Evolved=18.3-r1-s3
Junos OS Evolved=18.3-r1-s4
Junos OS Evolved=18.3-r1-s5
Junos OS Evolved=18.3-r2
Junos OS Evolved=18.4
Junos OS Evolved=18.4-r1
Junos OS Evolved=18.4-r1-s1
Junos OS Evolved=18.4-r1-s2
Junos OS Evolved=18.4-r1-s3
Junos OS Evolved=18.4-r1-s4
Junos OS Evolved=19.1-r1
Junos OS Evolved=19.1-r1-s1
Junos OS Evolved=12.3x48-d10
Junos OS Evolved=12.3x48-d15
Junos OS Evolved=12.3x48-d25
Junos OS Evolved=12.3x48-d80
Junos OS Evolved=15.1x49-d10
Junos OS Evolved=15.1x49-d150
Junos OS Evolved=15.1x49-d170
Junos OS Evolved=15.1x49-d180
Junos OS Evolved=15.1x49-d20
Junos OS Evolved=15.1x49-d30
Junos OS Evolved=15.1x49-d35
Junos OS Evolved=15.1x49-d40
Junos OS Evolved=15.1x49-d45
Junos OS Evolved=15.1x49-d50
Junos OS Evolved=15.1x49-d55
Junos OS Evolved=15.1x49-d60
Junos OS Evolved=15.1x49-d65
Junos OS Evolved=15.1x49-d70
Junos OS Evolved=15.1x49-d75
Junos OS Evolved=15.1x49-d80
Junos OS Evolved=15.1x49-d90
Juniper SRX100
Juniper SRX110
Juniper SRX1400
Juniper SRX1500
Juniper SRX210
Juniper SRX220
Juniper SRX240
Juniper SRX300
Juniper SRX320
Juniper SRX340
Juniper SRX3400
Juniper SRX345
Juniper SRX3600
Juniper SRX4100
Juniper SRX4200
Juniper SRX4600
Juniper SRX5400
Juniper SRX550
Juniper SRX5600
Juniper SRX5800
Juniper SRX650
Junos OS Evolved=14.1x53
Junos OS Evolved=14.1x53-d10
Junos OS Evolved=14.1x53-d15
Junos OS Evolved=14.1x53-d16
Junos OS Evolved=14.1x53-d25
Junos OS Evolved=14.1x53-d26
Junos OS Evolved=14.1x53-d27
Junos OS Evolved=14.1x53-d30
Junos OS Evolved=14.1x53-d35
Junos OS Evolved=14.1x53-d40
Junos OS Evolved=14.1x53-d45
Junos OS Evolved=14.1x53-d46
Junos OS Evolved=14.1x53-d47
Junos OS Evolved=14.1x53-d48
Junos OS Evolved=14.1x53-d49
Juniper EX2300-24T
Juniper EX2300-C
Juniper EX3400
Juniper EX4300-24T
Juniper EX4600
Juniper EX4650
Juniper EX9200
Juniper EX9250
Juniper QFX10002-60C
Juniper Networks QFX-Series
Juniper Networks QFX-Series
Juniper QFX3000-G
Juniper QFX3000-M
Juniper QFX3008-I
Juniper Networks QFX-Series
Juniper Networks QFX-Series
Juniper QFX3600-I
Juniper QFX3600
Juniper QFX5100
Juniper QFX5110
Juniper QFX5200-32C
Juniper QFX5210-64C
Junos OS Evolved=15.1x53-d20
Junos OS Evolved=15.1x53-d21
Junos OS Evolved=15.1x53-d210
Junos OS Evolved=15.1x53-d230
Junos OS Evolved=15.1x53-d231
Junos OS Evolved=15.1x53-d232
Junos OS Evolved=15.1x53-d233
Junos OS Evolved=15.1x53-d234
Junos OS Evolved=15.1x53-d235
Junos OS Evolved=15.1x53-d236
Junos OS Evolved=15.1x53-d237
Junos OS Evolved=15.1x53-d25
Junos OS Evolved=15.1x53-d30
Junos OS Evolved=15.1x53-d31
Junos OS Evolved=15.1x53-d32
Junos OS Evolved=15.1x53-d33
Junos OS Evolved=15.1x53-d34
Junos OS Evolved=15.1x53-d40
Junos OS Evolved=15.1x53-d45
Junos OS Evolved=15.1x53-d56
Junos OS Evolved=15.1x53-d60
Junos OS Evolved=15.1x53-d61
Junos OS Evolved=15.1x53-d62
Junos OS Evolved=15.1x53-d63
Junos OS Evolved=15.1x53-d65
Junos OS Evolved=15.1x53-d70
Junos OS Evolved=15.1x53-d470
Junos OS Evolved=15.1x53-d495
Junos OS Evolved=15.1x53-d590
Junos OS Evolved=15.1x53-d591

Remedy

The following software releases have been updated to resolve this specific issue: 12.3R12-S15, 12.3X48-D86, 12.3X48-D90, 14.1X53-D51, 15.1F6-S13,15.1R7-S5, 15.1X49-D181, 15.1X49-D190, 15.1X53-D238, 15.1X53-D592, 16.1R4-S13, 16.1R7-S5, 16.2R2-S10,17.1R2-S11, 17.1R3-S1, 17.2R1-S9, 17.2R3-S2, 17.3R2-S5, 17.3R3-S5, 17.4R2-S6, 17.4R3, 18.1R3-S7,18.2R2-S5, 18.2R3, 18.3R1-S6, 18.3R2-S1, 18.3R3, 18.4R1-S5, 18.4R2, 19.1R1-S2, 19.1R2, 19.2R1, and all subsequent releases.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2020-1607?

    CVE-2020-1607 has a medium severity rating that allows remote attackers to exploit insufficient cross-site scripting protection.

  • How do I fix CVE-2020-1607?

    To fix CVE-2020-1607, update your affected Junos software to the patched version recommended by Juniper Networks.

  • What versions of Junos are affected by CVE-2020-1607?

    CVE-2020-1607 affects multiple versions of Junos such as 12.3, 15.1, and several others, particularly in the 12.3 and 15.1 series.

  • What type of vulnerability is CVE-2020-1607?

    CVE-2020-1607 is classified as a cross-site scripting (XSS) vulnerability affecting the Junos Web-based management interface.

  • Can CVE-2020-1607 lead to a complete system compromise?

    Yes, if exploited, CVE-2020-1607 could allow an attacker to hijack a user's J-Web session and perform administrative actions.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203