What is the severity of CVE-2020-1673?

CVE-2020-1673 is rated as a critical severity vulnerability due to its ability to allow unauthenticated attackers to hijack user sessions.

How do I fix CVE-2020-1673?

To fix CVE-2020-1673, you should upgrade your Juniper Networks J-Web and Junos software to the latest patched version.

Which Juniper software versions are affected by CVE-2020-1673?

Affected Juniper software versions include multiple releases of Junos from 18.1 to 20.1.

Can CVE-2020-1673 affect my network security?

Yes, CVE-2020-1673 can significantly compromise network security by allowing attackers to perform administrative actions as legitimate users.

Vulnerability/
CVE-2020-1673

high

8.8

CWE

16/10/2020

16/9/2024

CVE-2020-1673: Junos OS: Reflected Cross-site Scripting vulnerability in J-Web and web based (HTTP/HTTPS) services

First published: Fri Oct 16 2020(Updated: )

Insufficient Cross-Site Scripting (XSS) protection in Juniper Networks J-Web and web based (HTTP/HTTPS) services allows an unauthenticated attacker to hijack the target user's HTTP/HTTPS session and perform administrative actions on the Junos device as the targeted user. This issue only affects Juniper Networks Junos OS devices with HTTP/HTTPS services enabled such as J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP). Junos OS devices with HTTP/HTTPS services disabled are not affected. If HTTP/HTTPS services are enabled, the following command will show the httpd processes: user@device> show system processes | match http 5260 - S 0:00.13 /usr/sbin/httpd-gk -N 5797 - I 0:00.10 /usr/sbin/httpd --config /jail/var/etc/httpd.conf In order to successfully exploit this vulnerability, the attacker needs to convince the device administrator to take action such as clicking the crafted URL sent via phishing email or convince the administrator to input data in the browser console. This issue affects Juniper Networks Junos OS: 18.1 versions prior to 18.1R3-S1; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S5, 18.4R3-S2; 19.1 versions prior to 19.1R2-S2, 19.1R3-S1; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1.

Credit: sirt@juniper.net

Affected Software	Affected Version	How to fix
Juniper Junos	=18.1
Juniper Junos	=18.1-r1
Juniper Junos	=18.1-r2
Juniper Junos	=18.1-r2-s1
Juniper Junos	=18.1-r2-s2
Juniper Junos	=18.1-r2-s4
Juniper Junos	=18.1-r3
Juniper Junos	=18.2
Juniper Junos	=18.2-r1
Juniper Junos	=18.2-r1
Juniper Junos	=18.2-r1-s3
Juniper Junos	=18.2-r1-s4
Juniper Junos	=18.2-r1-s5
Juniper Junos	=18.2-r2
Juniper Junos	=18.2-r2-s1
Juniper Junos	=18.2-r2-s2
Juniper Junos	=18.2-r2-s3
Juniper Junos	=18.2-r2-s4
Juniper Junos	=18.2-r2-s5
Juniper Junos	=18.2-r2-s6
Juniper Junos	=18.2-r3
Juniper Junos	=18.2-r3-s1
Juniper Junos	=18.2-r3-s2
Juniper Junos	=18.2-r3-s3
Juniper Junos	=18.2-r3-s4
Juniper Junos	=18.3
Juniper Junos	=18.3-r1
Juniper Junos	=18.3-r1-s1
Juniper Junos	=18.3-r1-s2
Juniper Junos	=18.3-r1-s3
Juniper Junos	=18.3-r1-s5
Juniper Junos	=18.3-r1-s6
Juniper Junos	=18.3-r2
Juniper Junos	=18.3-r2-s1
Juniper Junos	=18.3-r2-s2
Juniper Junos	=18.3-r2-s3
Juniper Junos	=18.3-r3
Juniper Junos	=18.3-r3-s1
Juniper Junos	=18.4
Juniper Junos	=18.4-r1
Juniper Junos	=18.4-r1-s1
Juniper Junos	=18.4-r1-s2
Juniper Junos	=18.4-r1-s5
Juniper Junos	=18.4-r1-s6
Juniper Junos	=18.4-r2
Juniper Junos	=18.4-r2-s1
Juniper Junos	=18.4-r2-s2
Juniper Junos	=18.4-r2-s3
Juniper Junos	=18.4-r2-s4
Juniper Junos	=18.4-r3
Juniper Junos	=18.4-r3-s1
Juniper Junos	=19.1
Juniper Junos	=19.1-r1
Juniper Junos	=19.1-r1-s1
Juniper Junos	=19.1-r1-s2
Juniper Junos	=19.1-r1-s3
Juniper Junos	=19.1-r1-s4
Juniper Junos	=19.1-r2
Juniper Junos	=19.1-r2-s1
Juniper Junos	=19.1-r3
Juniper Junos	=19.2
Juniper Junos	=19.2-r1
Juniper Junos	=19.2-r1-s1
Juniper Junos	=19.2-r1-s2
Juniper Junos	=19.2-r1-s3
Juniper Junos	=19.2-r1-s4
Juniper Junos	=19.3
Juniper Junos	=19.3-r1
Juniper Junos	=19.3-r1-s1
Juniper Junos	=19.3-r2
Juniper Junos	=19.3-r2-s1
Juniper Junos	=19.3-r2-s2
Juniper Junos	=19.3-r2-s3
Juniper Junos	=19.4-r1
Juniper Junos	=19.4-r1-s1
Juniper Junos	=19.4-r1-s2
Juniper Junos	=20.1-r1

Remedy

The following software releases have been updated to resolve this specific issue: Junos OS 18.1R3-S11, 18.2R3-S5, 18.3R2-S4, 18.3R3-S2, 18.4R2-S5, 18.4R3-S2, 19.1R2-S2, 19.1R3-S1, 19.2R1-S5, 19.2R2, 19.3R2-S4, 19.3R3, 19.4R1-S3, 19.4R2, 20.1R1-S2, 20.1R2, 20.2R1 and all subsequent releases.

Never miss a vulnerability like this again

Reference Links

https://kb.juniper.net/JSA11070

Frequently Asked Questions

What is the severity of CVE-2020-1673?
CVE-2020-1673 is rated as a critical severity vulnerability due to its ability to allow unauthenticated attackers to hijack user sessions.
How do I fix CVE-2020-1673?
To fix CVE-2020-1673, you should upgrade your Juniper Networks J-Web and Junos software to the latest patched version.
What vulnerabilities does CVE-2020-1673 address?
CVE-2020-1673 addresses insufficient Cross-Site Scripting (XSS) protection in Juniper Networks J-Web services.
Which Juniper software versions are affected by CVE-2020-1673?
Affected Juniper software versions include multiple releases of Junos from 18.1 to 20.1.
Can CVE-2020-1673 affect my network security?
Yes, CVE-2020-1673 can significantly compromise network security by allowing attackers to perform administrative actions as legitimate users.

agent/type
agent/softwarecombine
agent/title
agent/weakness
agent/severity
agent/references
agent/remedy
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/juniper
canonical/juniper junos
version/juniper junos/18.1
version/juniper junos/18.1-r1
version/juniper junos/18.1-r2
version/juniper junos/18.1-r2-s1
version/juniper junos/18.1-r2-s2
version/juniper junos/18.1-r2-s4
version/juniper junos/18.1-r3
version/juniper junos/18.2
version/juniper junos/18.2-r1
version/juniper junos/18.2-r1-s3
version/juniper junos/18.2-r1-s4
version/juniper junos/18.2-r1-s5
version/juniper junos/18.2-r2
version/juniper junos/18.2-r2-s1
version/juniper junos/18.2-r2-s2
version/juniper junos/18.2-r2-s3
version/juniper junos/18.2-r2-s4
version/juniper junos/18.2-r2-s5
version/juniper junos/18.2-r2-s6
version/juniper junos/18.2-r3
version/juniper junos/18.2-r3-s1
version/juniper junos/18.2-r3-s2
version/juniper junos/18.2-r3-s3
version/juniper junos/18.2-r3-s4
version/juniper junos/18.3
version/juniper junos/18.3-r1
version/juniper junos/18.3-r1-s1
version/juniper junos/18.3-r1-s2
version/juniper junos/18.3-r1-s3
version/juniper junos/18.3-r1-s5
version/juniper junos/18.3-r1-s6
version/juniper junos/18.3-r2
version/juniper junos/18.3-r2-s1
version/juniper junos/18.3-r2-s2
version/juniper junos/18.3-r2-s3
version/juniper junos/18.3-r3
version/juniper junos/18.3-r3-s1
version/juniper junos/18.4
version/juniper junos/18.4-r1
version/juniper junos/18.4-r1-s1
version/juniper junos/18.4-r1-s2
version/juniper junos/18.4-r1-s5
version/juniper junos/18.4-r1-s6
version/juniper junos/18.4-r2
version/juniper junos/18.4-r2-s1
version/juniper junos/18.4-r2-s2
version/juniper junos/18.4-r2-s3
version/juniper junos/18.4-r2-s4
version/juniper junos/18.4-r3
version/juniper junos/18.4-r3-s1
version/juniper junos/19.1
version/juniper junos/19.1-r1
version/juniper junos/19.1-r1-s1
version/juniper junos/19.1-r1-s2
version/juniper junos/19.1-r1-s3
version/juniper junos/19.1-r1-s4
version/juniper junos/19.1-r2
version/juniper junos/19.1-r2-s1
version/juniper junos/19.1-r3
version/juniper junos/19.2
version/juniper junos/19.2-r1
version/juniper junos/19.2-r1-s1
version/juniper junos/19.2-r1-s2
version/juniper junos/19.2-r1-s3
version/juniper junos/19.2-r1-s4
version/juniper junos/19.3
version/juniper junos/19.3-r1
version/juniper junos/19.3-r1-s1
version/juniper junos/19.3-r2
version/juniper junos/19.3-r2-s1
version/juniper junos/19.3-r2-s2
version/juniper junos/19.3-r2-s3
version/juniper junos/19.4-r1
version/juniper junos/19.4-r1-s1
version/juniper junos/19.4-r1-s2
version/juniper junos/20.1-r1

CVE-2020-1673: Junos OS: Reflected Cross-site Scripting vulnerability in J-Web and web based (HTTP/HTTPS) services

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2020-1673?

How do I fix CVE-2020-1673?

What vulnerabilities does CVE-2020-1673 address?

Which Juniper software versions are affected by CVE-2020-1673?

Can CVE-2020-1673 affect my network security?

Company

Resources

Contact