Juniper Junos SRX Series Web Authentication XSS (JSA10640)

medium Nessus Plugin ID 76507

Language:

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

According to its self-reported version number, the remote Junos device is affected by a reflected cross site scripting vulnerability. An attacker can exploit this to steal sensitive information or session credentials from firewall users.

Note that this issue only affects devices where Web Authentication is used for firewall user authentication

Solution

Apply the relevant Junos software release or workaround referenced in Juniper advisory JSA10640.

Plugin Details

Severity: Medium

ID: 76507

File Name: juniper_jsa10640.nasl

Version: 1.11

Type: combined

Family: Junos Local Security Checks

Published: 7/15/2014

Updated: 7/12/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/o:juniper:junos

Required KB Items: Host/Juniper/model, Host/Juniper/JUNOS/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 7/9/2014

Vulnerability Publication Date: 7/9/2014

Reference Information

CVE: CVE-2014-3821

BID: 68548

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990

JSA: JSA10640

Detections

Analytics