CVE-2021-31355: Junos OS: Stored Cross-Site Scripting (XSS) vulnerability in captive portal

First published: Tue Oct 19 2021(Updated: )

A persistent cross-site scripting (XSS) vulnerability in the captive portal graphical user interface of Juniper Networks Junos OS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper Networks Junos OS: All versions, including the following supported releases: 12.3X48 versions prior to 12.3X48-D105; 15.1X49 versions prior to 15.1X49-D220; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R1-S1, 20.2R2; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2; 21.1 versions prior to 21.1R2.

Credit: sirt@juniper.net

Affected Software	Affected Version	How to fix
Juniper JUNOS	=12.3x48
Juniper JUNOS	=12.3x48-d10
Juniper JUNOS	=12.3x48-d100
Juniper JUNOS	=12.3x48-d15
Juniper JUNOS	=12.3x48-d20
Juniper JUNOS	=12.3x48-d25
Juniper JUNOS	=12.3x48-d30
Juniper JUNOS	=12.3x48-d35
Juniper JUNOS	=12.3x48-d40
Juniper JUNOS	=12.3x48-d45
Juniper JUNOS	=12.3x48-d50
Juniper JUNOS	=12.3x48-d51
Juniper JUNOS	=12.3x48-d55
Juniper JUNOS	=12.3x48-d60
Juniper JUNOS	=12.3x48-d65
Juniper JUNOS	=12.3x48-d66
Juniper JUNOS	=12.3x48-d70
Juniper JUNOS	=12.3x48-d75
Juniper JUNOS	=12.3x48-d80
Juniper JUNOS	=12.3x48-d85
Juniper JUNOS	=12.3x48-d90
Juniper JUNOS	=12.3x48-d95
Juniper JUNOS	=15.1x49
Juniper JUNOS	=15.1x49-d10
Juniper JUNOS	=15.1x49-d100
Juniper JUNOS	=15.1x49-d110
Juniper JUNOS	=15.1x49-d120
Juniper JUNOS	=15.1x49-d130
Juniper JUNOS	=15.1x49-d131
Juniper JUNOS	=15.1x49-d140
Juniper JUNOS	=15.1x49-d15
Juniper JUNOS	=15.1x49-d150
Juniper JUNOS	=15.1x49-d160
Juniper JUNOS	=15.1x49-d170
Juniper JUNOS	=15.1x49-d180
Juniper JUNOS	=15.1x49-d190
Juniper JUNOS	=15.1x49-d20
Juniper JUNOS	=15.1x49-d200
Juniper JUNOS	=15.1x49-d210
Juniper JUNOS	=15.1x49-d25
Juniper JUNOS	=15.1x49-d30
Juniper JUNOS	=15.1x49-d35
Juniper JUNOS	=15.1x49-d40
Juniper JUNOS	=15.1x49-d45
Juniper JUNOS	=15.1x49-d50
Juniper JUNOS	=15.1x49-d55
Juniper JUNOS	=15.1x49-d60
Juniper JUNOS	=15.1x49-d65
Juniper JUNOS	=15.1x49-d70
Juniper JUNOS	=15.1x49-d75
Juniper JUNOS	=15.1x49-d80
Juniper JUNOS	=15.1x49-d90
Juniper JUNOS	=18.3
Juniper JUNOS	=18.3-r1
Juniper JUNOS	=18.3-r1-s1
Juniper JUNOS	=18.3-r1-s2
Juniper JUNOS	=18.3-r1-s3
Juniper JUNOS	=18.3-r1-s4
Juniper JUNOS	=18.3-r1-s5
Juniper JUNOS	=18.3-r1-s6
Juniper JUNOS	=18.3-r2
Juniper JUNOS	=18.3-r2-s1
Juniper JUNOS	=18.3-r2-s2
Juniper JUNOS	=18.3-r2-s3
Juniper JUNOS	=18.3-r3
Juniper JUNOS	=18.3-r3-s1
Juniper JUNOS	=18.3-r3-s2
Juniper JUNOS	=18.4
Juniper JUNOS	=18.4-r1
Juniper JUNOS	=18.4-r1-s1
Juniper JUNOS	=18.4-r1-s2
Juniper JUNOS	=18.4-r1-s3
Juniper JUNOS	=18.4-r1-s4
Juniper JUNOS	=18.4-r1-s5
Juniper JUNOS	=18.4-r1-s6
Juniper JUNOS	=18.4-r1-s7
Juniper JUNOS	=18.4-r2
Juniper JUNOS	=18.4-r2-s1
Juniper JUNOS	=18.4-r2-s2
Juniper JUNOS	=18.4-r2-s3
Juniper JUNOS	=18.4-r2-s4
Juniper JUNOS	=18.4-r3
Juniper JUNOS	=18.4-r3-s1
Juniper JUNOS	=18.4-r3-s2
Juniper JUNOS	=18.4-r3-s3
Juniper JUNOS	=19.1
Juniper JUNOS	=19.1-r1
Juniper JUNOS	=19.1-r1-s1
Juniper JUNOS	=19.1-r1-s2
Juniper JUNOS	=19.1-r1-s3
Juniper JUNOS	=19.1-r1-s4
Juniper JUNOS	=19.1-r1-s5
Juniper JUNOS	=19.1-r2
Juniper JUNOS	=19.1-r2-s1
Juniper JUNOS	=19.1-r3
Juniper JUNOS	=19.1-r3-s1
Juniper JUNOS	=19.2
Juniper JUNOS	=19.2-r1
Juniper JUNOS	=19.2-r1-s1
Juniper JUNOS	=19.2-r1-s2
Juniper JUNOS	=19.2-r1-s3
Juniper JUNOS	=19.2-r1-s4
Juniper JUNOS	=19.2-r2
Juniper JUNOS	=19.2-r2-s1
Juniper JUNOS	=19.3
Juniper JUNOS	=19.3-r1
Juniper JUNOS	=19.3-r1-s1
Juniper JUNOS	=19.3-r2
Juniper JUNOS	=19.3-r2-s1
Juniper JUNOS	=19.3-r2-s2
Juniper JUNOS	=19.3-r2-s3
Juniper JUNOS	=19.4-r1
Juniper JUNOS	=19.4-r1-s1
Juniper JUNOS	=19.4-r1-s2
Juniper JUNOS	=19.4-r2
Juniper JUNOS	=19.4-r2-s1
Juniper JUNOS	=20.1-r1
Juniper JUNOS	=20.1-r1-s1
Juniper JUNOS	=20.1-r1-s2
Juniper JUNOS	=20.1-r1-s3
Juniper JUNOS	=20.1-r1-s4
Juniper JUNOS	=20.1-r2
Juniper JUNOS	=20.1-r2-s1
Juniper JUNOS	=20.1-r2-s2
Juniper JUNOS	=20.2-r1
Juniper JUNOS	=20.2-r2
Juniper JUNOS	=20.3-r1
Juniper JUNOS	=20.3-r1-s1
Juniper JUNOS	=20.4-r1
Juniper JUNOS	=20.4-r1-s1
Juniper JUNOS	=21.1-r1
Juniper JUNOS	=21.1-r1-s1

Remedy

https://kb.juniper.net/JSA11220

Remedy

The following software releases have been updated to resolve this specific issue: Junos OS 12.3X48-D105, 15.1X49-D220, 18.3R3-S5, 18.4R3-S9, 19.1R3-S7, 19.2R3-S3, 19.3R3-S4, 19.4R3-S6, 20.1R3, 20.2R1-S1, 20.2R2, 20.3R2, 20.4R2, 21.1R2, 21.2R1 and all subsequent releases. Additionally, after performing an upgrade to a resolved release, additional steps must be taken to ensure that all stored malicious scripts are removed from the configuration.

Never miss a vulnerability like this again

Reference Links

https://kb.juniper.net/JSA11220

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/weakness
agent/references
agent/title
agent/severity
agent/remedy
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/juniper
canonical/juniper junos
version/juniper junos/12.3x48
version/juniper junos/12.3x48-d10
version/juniper junos/12.3x48-d100
version/juniper junos/12.3x48-d15
version/juniper junos/12.3x48-d20
version/juniper junos/12.3x48-d25
version/juniper junos/12.3x48-d30
version/juniper junos/12.3x48-d35
version/juniper junos/12.3x48-d40
version/juniper junos/12.3x48-d45
version/juniper junos/12.3x48-d50
version/juniper junos/12.3x48-d51
version/juniper junos/12.3x48-d55
version/juniper junos/12.3x48-d60
version/juniper junos/12.3x48-d65
version/juniper junos/12.3x48-d66
version/juniper junos/12.3x48-d70
version/juniper junos/12.3x48-d75
version/juniper junos/12.3x48-d80
version/juniper junos/12.3x48-d85
version/juniper junos/12.3x48-d90
version/juniper junos/12.3x48-d95
version/juniper junos/15.1x49
version/juniper junos/15.1x49-d10
version/juniper junos/15.1x49-d100
version/juniper junos/15.1x49-d110
version/juniper junos/15.1x49-d120
version/juniper junos/15.1x49-d130
version/juniper junos/15.1x49-d131
version/juniper junos/15.1x49-d140
version/juniper junos/15.1x49-d15
version/juniper junos/15.1x49-d150
version/juniper junos/15.1x49-d160
version/juniper junos/15.1x49-d170
version/juniper junos/15.1x49-d180
version/juniper junos/15.1x49-d190
version/juniper junos/15.1x49-d20
version/juniper junos/15.1x49-d200
version/juniper junos/15.1x49-d210
version/juniper junos/15.1x49-d25
version/juniper junos/15.1x49-d30
version/juniper junos/15.1x49-d35
version/juniper junos/15.1x49-d40
version/juniper junos/15.1x49-d45
version/juniper junos/15.1x49-d50
version/juniper junos/15.1x49-d55
version/juniper junos/15.1x49-d60
version/juniper junos/15.1x49-d65
version/juniper junos/15.1x49-d70
version/juniper junos/15.1x49-d75
version/juniper junos/15.1x49-d80
version/juniper junos/15.1x49-d90
version/juniper junos/18.3
version/juniper junos/18.3-r1
version/juniper junos/18.3-r1-s1
version/juniper junos/18.3-r1-s2
version/juniper junos/18.3-r1-s3
version/juniper junos/18.3-r1-s4
version/juniper junos/18.3-r1-s5
version/juniper junos/18.3-r1-s6
version/juniper junos/18.3-r2
version/juniper junos/18.3-r2-s1
version/juniper junos/18.3-r2-s2
version/juniper junos/18.3-r2-s3
version/juniper junos/18.3-r3
version/juniper junos/18.3-r3-s1
version/juniper junos/18.3-r3-s2
version/juniper junos/18.4
version/juniper junos/18.4-r1
version/juniper junos/18.4-r1-s1
version/juniper junos/18.4-r1-s2
version/juniper junos/18.4-r1-s3
version/juniper junos/18.4-r1-s4
version/juniper junos/18.4-r1-s5
version/juniper junos/18.4-r1-s6
version/juniper junos/18.4-r1-s7
version/juniper junos/18.4-r2
version/juniper junos/18.4-r2-s1
version/juniper junos/18.4-r2-s2
version/juniper junos/18.4-r2-s3
version/juniper junos/18.4-r2-s4
version/juniper junos/18.4-r3
version/juniper junos/18.4-r3-s1
version/juniper junos/18.4-r3-s2
version/juniper junos/18.4-r3-s3
version/juniper junos/19.1
version/juniper junos/19.1-r1
version/juniper junos/19.1-r1-s1
version/juniper junos/19.1-r1-s2
version/juniper junos/19.1-r1-s3
version/juniper junos/19.1-r1-s4
version/juniper junos/19.1-r1-s5
version/juniper junos/19.1-r2
version/juniper junos/19.1-r2-s1
version/juniper junos/19.1-r3
version/juniper junos/19.1-r3-s1
version/juniper junos/19.2
version/juniper junos/19.2-r1
version/juniper junos/19.2-r1-s1
version/juniper junos/19.2-r1-s2
version/juniper junos/19.2-r1-s3
version/juniper junos/19.2-r1-s4
version/juniper junos/19.2-r2
version/juniper junos/19.2-r2-s1
version/juniper junos/19.3
version/juniper junos/19.3-r1
version/juniper junos/19.3-r1-s1
version/juniper junos/19.3-r2
version/juniper junos/19.3-r2-s1
version/juniper junos/19.3-r2-s2
version/juniper junos/19.3-r2-s3
version/juniper junos/19.4-r1
version/juniper junos/19.4-r1-s1
version/juniper junos/19.4-r1-s2
version/juniper junos/19.4-r2
version/juniper junos/19.4-r2-s1
version/juniper junos/20.1-r1
version/juniper junos/20.1-r1-s1
version/juniper junos/20.1-r1-s2
version/juniper junos/20.1-r1-s3
version/juniper junos/20.1-r1-s4
version/juniper junos/20.1-r2
version/juniper junos/20.1-r2-s1
version/juniper junos/20.1-r2-s2
version/juniper junos/20.2-r1
version/juniper junos/20.2-r2
version/juniper junos/20.3-r1
version/juniper junos/20.3-r1-s1
version/juniper junos/20.4-r1
version/juniper junos/20.4-r1-s1
version/juniper junos/21.1-r1
version/juniper junos/21.1-r1-s1

CVE-2021-31355: Junos OS: Stored Cross-Site Scripting (XSS) vulnerability in captive portal

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact