Juniper ScreenOS Multiple HTML Injection Vulnerabilities

Juniper ScreenOS is prone to multiple HTML-injection vulnerabilities.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.


Bugtraq ID: 99590
Class: Input Validation Error
CVE: CVE-2017-2335

Remote: Yes
Local: No
Published: Jul 14 2017 12:00AM
Updated: Jul 14 2017 12:00AM
Credit: Gaku Mochizuki/Toshitsugu Yoneyama from Mitsui Bussan Secure Directions, Inc.
Vulnerable: Juniper ScreenOS 6.3.0r22
Juniper ScreenOS 6.3.0r21
Juniper ScreenOS 6.3.0r20
Juniper ScreenOS 6.3.0r19
Juniper ScreenOS 6.3.0R13
Juniper ScreenOS 6.3.0R12

Not Vulnerable:


Attackers can exploit these issues using a browser.
