// For flags

CVE-2018-0047

Junos Space Security Director: XSS vulnerability in web administration

Severity Score

5.4
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. This issue affects all versions of Juniper Networks Junos Space Security Director prior to 17.2R2.

Una vulnerabilidad Cross-Site Scripting (XSS) persistente en el la interfaz del framework empleado por Junos Space Security Director podría permitir que usuarios autenticados inyecten scripts persistentes y maliciosos. Esto podría permitir el robo de información o la realización de acciones como otro usuario cuando otros acceden a la interfaz web de Security Director. Este problema afecta a todas las versiones de Juniper Networks Junos Space Security Director en versiones anteriores a la 17.2R2.

*Credits: Marcel Bilal of IT-Dienstleistungszentrum Berlin
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-11-16 CVE Reserved
  • 2018-10-10 CVE Published
  • 2024-08-19 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (2)
URL Tag Source
http://www.securitytracker.com/id/1041863 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
https://kb.juniper.net/JSA10881 2019-10-09
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Juniper
Search vendor "Juniper"
Junos Space
Search vendor "Juniper" for product "Junos Space"
13.3
Search vendor "Juniper" for product "Junos Space" and version "13.3"
r1
Affected
Juniper
Search vendor "Juniper"
Junos Space
Search vendor "Juniper" for product "Junos Space"
13.3
Search vendor "Juniper" for product "Junos Space" and version "13.3"
r2
Affected
Juniper
Search vendor "Juniper"
Junos Space
Search vendor "Juniper" for product "Junos Space"
14.1
Search vendor "Juniper" for product "Junos Space" and version "14.1"
r1
Affected
Juniper
Search vendor "Juniper"
Junos Space
Search vendor "Juniper" for product "Junos Space"
14.1
Search vendor "Juniper" for product "Junos Space" and version "14.1"
r2
Affected
Juniper
Search vendor "Juniper"
Junos Space
Search vendor "Juniper" for product "Junos Space"
14.1
Search vendor "Juniper" for product "Junos Space" and version "14.1"
r3
Affected
Juniper
Search vendor "Juniper"
Junos Space
Search vendor "Juniper" for product "Junos Space"
15.1
Search vendor "Juniper" for product "Junos Space" and version "15.1"
r1
Affected
Juniper
Search vendor "Juniper"
Junos Space
Search vendor "Juniper" for product "Junos Space"
15.1
Search vendor "Juniper" for product "Junos Space" and version "15.1"
r2
Affected
Juniper
Search vendor "Juniper"
Junos Space
Search vendor "Juniper" for product "Junos Space"
15.1
Search vendor "Juniper" for product "Junos Space" and version "15.1"
r3
Affected
Juniper
Search vendor "Juniper"
Junos Space
Search vendor "Juniper" for product "Junos Space"
15.1
Search vendor "Juniper" for product "Junos Space" and version "15.1"
r4
Affected
Juniper
Search vendor "Juniper"
Junos Space
Search vendor "Juniper" for product "Junos Space"
15.2
Search vendor "Juniper" for product "Junos Space" and version "15.2"
r1
Affected
Juniper
Search vendor "Juniper"
Junos Space
Search vendor "Juniper" for product "Junos Space"
15.2
Search vendor "Juniper" for product "Junos Space" and version "15.2"
r2
Affected
Juniper
Search vendor "Juniper"
Junos Space
Search vendor "Juniper" for product "Junos Space"
16.1
Search vendor "Juniper" for product "Junos Space" and version "16.1"
r1
Affected
Juniper
Search vendor "Juniper"
Junos Space
Search vendor "Juniper" for product "Junos Space"
16.1
Search vendor "Juniper" for product "Junos Space" and version "16.1"
r2
Affected
Juniper
Search vendor "Juniper"
Junos Space
Search vendor "Juniper" for product "Junos Space"
16.1
Search vendor "Juniper" for product "Junos Space" and version "16.1"
r3
Affected
Juniper
Search vendor "Juniper"
Junos Space
Search vendor "Juniper" for product "Junos Space"
17.1
Search vendor "Juniper" for product "Junos Space" and version "17.1"
r1
Affected
Juniper
Search vendor "Juniper"
Junos Space
Search vendor "Juniper" for product "Junos Space"
17.2
Search vendor "Juniper" for product "Junos Space" and version "17.2"
r1
Affected