CVE-2018-0059

A persistent cross-site scripting vulnerability in the graphical user interface of ScreenOS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. Affected releases are Juniper Networks ScreenOS 6.3.0 versions prior to 6.3.0r26.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
juniperCNA
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
VendorProductVersion
junipernetscreen_screenos
6.3.0
junipernetscreen_screenos
6.3.0r1:r1
junipernetscreen_screenos
6.3.0r2:r2
junipernetscreen_screenos
6.3.0r3:r3
junipernetscreen_screenos
6.3.0r4:r4
junipernetscreen_screenos
6.3.0r5:r5
junipernetscreen_screenos
6.3.0r6:r6
junipernetscreen_screenos
6.3.0r7:r7
junipernetscreen_screenos
6.3.0r8:r8
junipernetscreen_screenos
6.3.0r9:r9
junipernetscreen_screenos
6.3.0r10:r10
junipernetscreen_screenos
6.3.0r11:r11
junipernetscreen_screenos
6.3.0r12:r12
junipernetscreen_screenos
6.3.0r13:r13
junipernetscreen_screenos
6.3.0r14:r14
junipernetscreen_screenos
6.3.0r15:r15
junipernetscreen_screenos
6.3.0r16:r16
junipernetscreen_screenos
6.3.0r17:r17
junipernetscreen_screenos
6.3.0r18:r18
junipernetscreen_screenos
6.3.0r19:r19
junipernetscreen_screenos
6.3.0r21:r21
junipernetscreen_screenos
6.3.0r22:r22
junipernetscreen_screenos
6.3.0r23:r23
junipernetscreen_screenos
6.3.0r23b1:r23b1
junipernetscreen_screenos
6.3.0r24:r24
junipernetscreen_screenos
6.3.0r24b1:r24b1
junipernetscreen_screenos
6.3.0r25:r25
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kb.juniper.net/JSA10894
https://kb.juniper.net/JSA10894