CWE-79

CVE-2021-0275: Junos OS: J-Web: Cross-site scripting attack allows an attacker to gain control of another user's session.

First published: Wed Apr 14 2021

A Cross-site Scripting (XSS) vulnerability in J-Web on Juniper Networks Junos OS allows an attacker to target another user's session, thereby gaining access to that user's session. The other user's session must be active for the attack to succeed. Once successful, the attacker has the same privileges as the user. If the user has root privileges, the attacker may be able to gain full control of the device.

This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S15 on EX Series; 12.3X48 versions prior to 12.3X48-D95 on SRX Series; 15.1 versions prior to 15.1R7-S6 on EX Series; 15.1X49 versions prior to 15.1X49-D200 on SRX Series; 16.1 versions prior to 16.1R7-S7; 16.2 versions prior to 16.2R2-S11, 16.2R3; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1; 18.4 versions prior to 18.4R1-S6, 18.4R2-S4, 18.4R3; 19.1 versions prior to 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S3, 19.2R2; 19.3 versions prior to 19.3R2.

Credit: sirt@juniper.net

Affected Software | Affected Version | How to fix
Junos OS Evolved=12.3
Junos OS Evolved=12.3-r1
Junos OS Evolved=12.3-r10
Junos OS Evolved=12.3-r10-s1
Junos OS Evolved=12.3-r10-s2
Junos OS Evolved=12.3-r11
Junos OS Evolved=12.3-r12
Junos OS Evolved=12.3-r12-s1
Junos OS Evolved=12.3-r12-s10
Junos OS Evolved=12.3-r12-s11
Junos OS Evolved=12.3-r12-s12
Junos OS Evolved=12.3-r12-s13
Junos OS Evolved=12.3-r12-s14
Junos OS Evolved=12.3-r12-s3
Junos OS Evolved=12.3-r12-s4
Junos OS Evolved=12.3-r12-s6
Junos OS Evolved=12.3-r12-s8
Junos OS Evolved=15.1
Junos OS Evolved=15.1-a1
Junos OS Evolved=15.1-f
Junos OS Evolved=15.1-f1
Junos OS Evolved=15.1-f2
Junos OS Evolved=15.1-f2-s1
Junos OS Evolved=15.1-f2-s2
Junos OS Evolved=15.1-f2-s3
Junos OS Evolved=15.1-f2-s4
Junos OS Evolved=15.1-f3
Junos OS Evolved=15.1-f4
Junos OS Evolved=15.1-f5
Junos OS Evolved=15.1-f5-s7
Junos OS Evolved=15.1-f6
Junos OS Evolved=15.1-f6-s1
Junos OS Evolved=15.1-f6-s10
Junos OS Evolved=15.1-f6-s12
Junos OS Evolved=15.1-f6-s2
Junos OS Evolved=15.1-f6-s3
Junos OS Evolved=15.1-f6-s4
Junos OS Evolved=15.1-f6-s5
Junos OS Evolved=15.1-f6-s6
Junos OS Evolved=15.1-f6-s7
Junos OS Evolved=15.1-f6-s8
Junos OS Evolved=15.1-f6-s9
Junos OS Evolved=15.1-f7
Junos OS Evolved=15.1-r
Junos OS Evolved=15.1-r1
Junos OS Evolved=15.1-r2
Junos OS Evolved=15.1-r3
Junos OS Evolved=15.1-r4
Junos OS Evolved=15.1-r4-s7
Junos OS Evolved=15.1-r4-s8
Junos OS Evolved=15.1-r4-s9
Junos OS Evolved=15.1-r5
Junos OS Evolved=15.1-r5-s1
Junos OS Evolved=15.1-r5-s3
Junos OS Evolved=15.1-r5-s5
Junos OS Evolved=15.1-r5-s6
Junos OS Evolved=15.1-r6
Junos OS Evolved=15.1-r6-s1
Junos OS Evolved=15.1-r6-s2
Junos OS Evolved=15.1-r6-s3
Junos OS Evolved=15.1-r6-s4
Junos OS Evolved=15.1-r6-s6
Junos OS Evolved=15.1-r7
Junos OS Evolved=15.1-r7-s1
Junos OS Evolved=15.1-r7-s2
Junos OS Evolved=15.1-r7-s3
Junos OS Evolved=15.1-r7-s4
Junos OS Evolved=15.1-r7-s5
Juniper EX2300-24T
Juniper EX2300-C
Juniper EX3400
Juniper EX Series
Juniper EX4300-24T
Juniper EX4400-24X
Juniper EX4600
Juniper EX4650
Juniper EX9200
Juniper EX9250
Junos OS Evolved=12.3x48
Junos OS Evolved=12.3x48-d10
Junos OS Evolved=12.3x48-d15
Junos OS Evolved=12.3x48-d20
Junos OS Evolved=12.3x48-d25
Junos OS Evolved=12.3x48-d30
Junos OS Evolved=12.3x48-d35
Junos OS Evolved=12.3x48-d40
Junos OS Evolved=12.3x48-d45
Junos OS Evolved=12.3x48-d50
Junos OS Evolved=12.3x48-d51
Junos OS Evolved=12.3x48-d55
Junos OS Evolved=12.3x48-d60
Junos OS Evolved=12.3x48-d65
Junos OS Evolved=12.3x48-d66
Junos OS Evolved=12.3x48-d70
Junos OS Evolved=12.3x48-d75
Junos OS Evolved=12.3x48-d80
Junos OS Evolved=12.3x48-d85
Junos OS Evolved=12.3x48-d90
Junos OS Evolved=15.1x49
Junos OS Evolved=15.1x49-d10
Junos OS Evolved=15.1x49-d100
Junos OS Evolved=15.1x49-d110
Junos OS Evolved=15.1x49-d120
Junos OS Evolved=15.1x49-d130
Junos OS Evolved=15.1x49-d131
Junos OS Evolved=15.1x49-d140
Junos OS Evolved=15.1x49-d15
Junos OS Evolved=15.1x49-d150
Junos OS Evolved=15.1x49-d160
Junos OS Evolved=15.1x49-d170
Junos OS Evolved=15.1x49-d180
Junos OS Evolved=15.1x49-d190
Junos OS Evolved=15.1x49-d20
Junos OS Evolved=15.1x49-d25
Junos OS Evolved=15.1x49-d30
Junos OS Evolved=15.1x49-d35
Junos OS Evolved=15.1x49-d40
Junos OS Evolved=15.1x49-d45
Junos OS Evolved=15.1x49-d50
Junos OS Evolved=15.1x49-d55
Junos OS Evolved=15.1x49-d60
Junos OS Evolved=15.1x49-d65
Junos OS Evolved=15.1x49-d70
Junos OS Evolved=15.1x49-d75
Junos OS Evolved=15.1x49-d80
Junos OS Evolved=15.1x49-d90
Juniper SRX1500
Juniper SRX300
Juniper SRX320
Juniper SRX340
Juniper SRX345
Juniper SRX380
Juniper SRX4100
Juniper SRX4200
Juniper SRX4600
Juniper SRX5400
Juniper SRX550
Juniper SRX5600
Juniper SRX5800
Junos OS Evolved=16.1
Junos OS Evolved=16.1-r
Junos OS Evolved=16.1-r1
Junos OS Evolved=16.1-r2
Junos OS Evolved=16.1-r3
Junos OS Evolved=16.1-r3-s10
Junos OS Evolved=16.1-r3-s11
Junos OS Evolved=16.1-r3-s8
Junos OS Evolved=16.1-r4
Junos OS Evolved=16.1-r4-s12
Junos OS Evolved=16.1-r4-s2
Junos OS Evolved=16.1-r4-s3
Junos OS Evolved=16.1-r4-s4
Junos OS Evolved=16.1-r4-s6
Junos OS Evolved=16.1-r4-s8
Junos OS Evolved=16.1-r4-s9
Junos OS Evolved=16.1-r5
Junos OS Evolved=16.1-r5-s4
Junos OS Evolved=16.1-r6
Junos OS Evolved=16.1-r6-s1
Junos OS Evolved=16.1-r6-s3
Junos OS Evolved=16.1-r6-s4
Junos OS Evolved=16.1-r6-s6
Junos OS Evolved=16.1-r7
Junos OS Evolved=16.1-r7-s2
Junos OS Evolved=16.1-r7-s3
Junos OS Evolved=16.1-r7-s4
Junos OS Evolved=16.1-r7-s5
Junos OS Evolved=16.1-r7-s6
Junos OS Evolved=16.2
Junos OS Evolved=16.2-r1
Junos OS Evolved=16.2-r1-s6
Junos OS Evolved=16.2-r2
Junos OS Evolved=16.2-r2-s1
Junos OS Evolved=16.2-r2-s10
Junos OS Evolved=16.2-r2-s2
Junos OS Evolved=16.2-r2-s5
Junos OS Evolved=16.2-r2-s6
Junos OS Evolved=16.2-r2-s7
Junos OS Evolved=16.2-r2-s8
Junos OS Evolved=16.2-r2-s9
Junos OS Evolved=17.1
Junos OS Evolved=17.1-r1
Junos OS Evolved=17.1-r1-s7
Junos OS Evolved=17.1-r2
Junos OS Evolved=17.1-r2-s1
Junos OS Evolved=17.1-r2-s10
Junos OS Evolved=17.1-r2-s2
Junos OS Evolved=17.1-r2-s3
Junos OS Evolved=17.1-r2-s4
Junos OS Evolved=17.1-r2-s5
Junos OS Evolved=17.1-r2-s6
Junos OS Evolved=17.1-r2-s7
Junos OS Evolved=17.1-r2-s8
Junos OS Evolved=17.1-r2-s9
Junos OS Evolved=17.1-r3
Junos OS Evolved=17.1-r3-s1
Junos OS Evolved=17.2
Junos OS Evolved=17.2-r1
Junos OS Evolved=17.2-r1-s1
Junos OS Evolved=17.2-r1-s2
Junos OS Evolved=17.2-r1-s3
Junos OS Evolved=17.2-r1-s4
Junos OS Evolved=17.2-r1-s5
Junos OS Evolved=17.2-r1-s6
Junos OS Evolved=17.2-r1-s7
Junos OS Evolved=17.2-r1-s8
Junos OS Evolved=17.2-r2
Junos OS Evolved=17.2-r2-s11
Junos OS Evolved=17.2-r2-s4
Junos OS Evolved=17.2-r2-s6
Junos OS Evolved=17.2-r2-s7
Junos OS Evolved=17.2-r3
Junos OS Evolved=17.2-r3-s1
Junos OS Evolved=17.2-r3-s2
Junos OS Evolved=17.3
Junos OS Evolved=17.3-r1
Junos OS Evolved=17.3-r1-s1
Junos OS Evolved=17.3-r1-s4
Junos OS Evolved=17.3-r2
Junos OS Evolved=17.3-r2-s1
Junos OS Evolved=17.3-r2-s2
Junos OS Evolved=17.3-r2-s3
Junos OS Evolved=17.3-r2-s4
Junos OS Evolved=17.3-r3
Junos OS Evolved=17.3-r3-s1
Junos OS Evolved=17.3-r3-s10
Junos OS Evolved=17.3-r3-s2
Junos OS Evolved=17.3-r3-s3
Junos OS Evolved=17.3-r3-s4
Junos OS Evolved=17.3-r3-s5
Junos OS Evolved=17.3-r3-s6
Junos OS Evolved=17.4
Junos OS Evolved=17.4-r1
Junos OS Evolved=17.4-r1-s1
Junos OS Evolved=17.4-r1-s2
Junos OS Evolved=17.4-r1-s3
Junos OS Evolved=17.4-r1-s4
Junos OS Evolved=17.4-r1-s5
Junos OS Evolved=17.4-r1-s6
Junos OS Evolved=17.4-r1-s7
Junos OS Evolved=17.4-r2
Junos OS Evolved=17.4-r2-s1
Junos OS Evolved=17.4-r2-s2
Junos OS Evolved=17.4-r2-s3
Junos OS Evolved=17.4-r2-s4
Junos OS Evolved=17.4-r2-s5
Junos OS Evolved=17.4-r2-s6
Junos OS Evolved=17.4-r2-s7
Junos OS Evolved=17.4-r2-s8
Junos OS Evolved=18.1
Junos OS Evolved=18.1-r1
Junos OS Evolved=18.1-r2
Junos OS Evolved=18.1-r2-s1
Junos OS Evolved=18.1-r2-s2
Junos OS Evolved=18.1-r2-s4
Junos OS Evolved=18.1-r3
Junos OS Evolved=18.1-r3-s1
Junos OS Evolved=18.1-r3-s2
Junos OS Evolved=18.1-r3-s3
Junos OS Evolved=18.1-r3-s4
Junos OS Evolved=18.1-r3-s5
Junos OS Evolved=18.1-r3-s6
Junos OS Evolved=18.1-r3-s7
Junos OS Evolved=18.1-r3-s8
Junos OS Evolved=18.2
Junos OS Evolved=18.2-r1
Junos OS Evolved=18.2-r1-s2
Junos OS Evolved=18.2-r1-s3
Junos OS Evolved=18.2-r1-s4
Junos OS Evolved=18.2-r1-s5
Junos OS Evolved=18.2-r2
Junos OS Evolved=18.2-r2-s1
Junos OS Evolved=18.2-r2-s2
Junos OS Evolved=18.2-r2-s3
Junos OS Evolved=18.2-r2-s4
Junos OS Evolved=18.2-r2-s5
Junos OS Evolved=18.2-r2-s6
Junos OS Evolved=18.2-r3
Junos OS Evolved=18.2-r3-s1
Junos OS Evolved=18.2-r3-s2
Junos OS Evolved=18.3
Junos OS Evolved=18.3-r1
Junos OS Evolved=18.3-r1-s1
Junos OS Evolved=18.3-r1-s2
Junos OS Evolved=18.3-r1-s3
Junos OS Evolved=18.3-r1-s4
Junos OS Evolved=18.3-r1-s5
Junos OS Evolved=18.3-r1-s6
Junos OS Evolved=18.3-r2
Junos OS Evolved=18.3-r2-s1
Junos OS Evolved=18.3-r2-s2
Junos OS Evolved=18.3-r3
Junos OS Evolved=18.4
Junos OS Evolved=18.4-r1
Junos OS Evolved=18.4-r1-s1
Junos OS Evolved=18.4-r1-s2
Junos OS Evolved=18.4-r1-s3
Junos OS Evolved=18.4-r1-s4
Junos OS Evolved=18.4-r1-s5
Junos OS Evolved=18.4-r2
Junos OS Evolved=18.4-r2-s1
Junos OS Evolved=18.4-r2-s2
Junos OS Evolved=18.4-r2-s3
Junos OS Evolved=19.1
Junos OS Evolved=19.1-r1
Junos OS Evolved=19.1-r1-s1
Junos OS Evolved=19.1-r1-s2
Junos OS Evolved=19.1-r1-s3
Junos OS Evolved=19.1-r1-s4
Junos OS Evolved=19.1-r1-s5
Junos OS Evolved=19.1-r2
Junos OS Evolved=19.2
Junos OS Evolved=19.2-r1
Junos OS Evolved=19.2-r1-s1
Junos OS Evolved=19.2-r1-s2
Junos OS Evolved=19.3
Junos OS Evolved=19.3-r1
Junos OS Evolved=19.3-r1-s1

Remedy

The following software releases have been updated to resolve this specific issue: Junos OS 12.3R12-S15, 12.3X48-D95, 15.1R7-S6, 15.1X49-D200, 16.1R7-S7, 16.2R2-S11, 16.2R3, 17.1R2-S11, 17.1R3-S2, 17.2R3-S3, 17.3R2-S5, 17.3R3-S7, 17.4R2-S9, 17.4R3, 18.1R3-S9, 18.2R2-S7, 18.2R3-S3, 18.3R1-S7, 18.3R2-S3, 18.3R3-S1, 18.4R1-S6, 18.4R2-S4, 18.4R3, 19.1R2-S1, 19.1R3, 19.2R1-S3, 19.2R2, 19.3R2, 19.4R1, and all subsequent releases.

Frequently Asked Questions

  • What is the severity of CVE-2021-0275?

    CVE-2021-0275 has been rated as a medium severity vulnerability.

  • How do I fix CVE-2021-0275?

    To fix CVE-2021-0275, it is recommended to upgrade to a patched version of Junos OS as provided by Juniper Networks.

  • Which Junos OS versions are affected by CVE-2021-0275?

    CVE-2021-0275 affects Junos OS versions 12.3, 15.1, and 16.1 among others.

  • Can CVE-2021-0275 be exploited remotely?

    CVE-2021-0275 requires an active user session to successfully exploit the vulnerability.

  • What type of vulnerability is CVE-2021-0275?

    CVE-2021-0275 is identified as a Cross-site Scripting (XSS) vulnerability.
