CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-2335

A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 43.4%

CVSS Severity

CVSS v3 Score 8.4

CVSS v2 Score 3.5

References

http://www.securityfocus.com/bid/99590
http://www.securitytracker.com/id/1038881
https://kb.juniper.net/JSA10782
http://www.securityfocus.com/bid/99590
http://www.securitytracker.com/id/1038881
https://kb.juniper.net/JSA10782

Products affected by CVE-2017-2335

Juniper » Screenos » Version: 6.3.0

cpe:2.3:o:juniper:screenos:6.3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-2335

Products

Pricing

Contact Us