Juniper ScreenOS Multiple HTML Injection Vulnerabilities

Juniper ScreenOS is prone to multiple HTML-injection vulnerabilities.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.

Information

Bugtraq ID: 99590
Class: Input Validation Error
CVE: CVE-2017-2335
CVE-2017-2336
CVE-2017-2337
CVE-2017-2338
CVE-2017-2339

Remote: Yes
Local: No
Published: Jul 14 2017 12:00AM
Updated: Jul 14 2017 12:00AM
Credit: Gaku Mochizuki/Toshitsugu Yoneyama from Mitsui Bussan Secure Directions, Inc.
Vulnerable: Juniper screenos 6.3.0r22
Juniper screenos 6.3.0r21
Juniper screenos 6.3.0r20
Juniper screenos 6.3.0r19
Juniper screenos 6.3.0R13
Juniper screenos 6.3.0R12

Not Vulnerable:

Exploit

Attackers can exploit these issues using browser.

References:

Juniper HomePage (Juniper)
2017-07 Security Bulletin: ScreenOS: Multiple XSS vulnerabilities in ScreenOS Fi (juniper)

Source: www.securityfocus.com

Exploit Collector

Search Exploit