CVE-2018-0047
Junos Space Security Director: XSS vulnerability in web administration
Severity Score
5.4
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. This issue affects all versions of Juniper Networks Junos Space Security Director prior to 17.2R2.
Una vulnerabilidad Cross-Site Scripting (XSS) persistente en el la interfaz del framework empleado por Junos Space Security Director podría permitir que usuarios autenticados inyecten scripts persistentes y maliciosos. Esto podría permitir el robo de información o la realización de acciones como otro usuario cuando otros acceden a la interfaz web de Security Director. Este problema afecta a todas las versiones de Juniper Networks Junos Space Security Director en versiones anteriores a la 17.2R2.
*Credits:
Marcel Bilal of IT-Dienstleistungszentrum Berlin
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-11-16 CVE Reserved
- 2018-10-10 CVE Published
- 2024-08-19 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1041863 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://kb.juniper.net/JSA10881 | 2019-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Juniper Search vendor "Juniper" | Junos Space Search vendor "Juniper" for product "Junos Space" | 13.3 Search vendor "Juniper" for product "Junos Space" and version "13.3" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Space Search vendor "Juniper" for product "Junos Space" | 13.3 Search vendor "Juniper" for product "Junos Space" and version "13.3" | r2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Space Search vendor "Juniper" for product "Junos Space" | 14.1 Search vendor "Juniper" for product "Junos Space" and version "14.1" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Space Search vendor "Juniper" for product "Junos Space" | 14.1 Search vendor "Juniper" for product "Junos Space" and version "14.1" | r2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Space Search vendor "Juniper" for product "Junos Space" | 14.1 Search vendor "Juniper" for product "Junos Space" and version "14.1" | r3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Space Search vendor "Juniper" for product "Junos Space" | 15.1 Search vendor "Juniper" for product "Junos Space" and version "15.1" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Space Search vendor "Juniper" for product "Junos Space" | 15.1 Search vendor "Juniper" for product "Junos Space" and version "15.1" | r2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Space Search vendor "Juniper" for product "Junos Space" | 15.1 Search vendor "Juniper" for product "Junos Space" and version "15.1" | r3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Space Search vendor "Juniper" for product "Junos Space" | 15.1 Search vendor "Juniper" for product "Junos Space" and version "15.1" | r4 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Space Search vendor "Juniper" for product "Junos Space" | 15.2 Search vendor "Juniper" for product "Junos Space" and version "15.2" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Space Search vendor "Juniper" for product "Junos Space" | 15.2 Search vendor "Juniper" for product "Junos Space" and version "15.2" | r2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Space Search vendor "Juniper" for product "Junos Space" | 16.1 Search vendor "Juniper" for product "Junos Space" and version "16.1" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Space Search vendor "Juniper" for product "Junos Space" | 16.1 Search vendor "Juniper" for product "Junos Space" and version "16.1" | r2 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Space Search vendor "Juniper" for product "Junos Space" | 16.1 Search vendor "Juniper" for product "Junos Space" and version "16.1" | r3 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Space Search vendor "Juniper" for product "Junos Space" | 17.1 Search vendor "Juniper" for product "Junos Space" and version "17.1" | r1 |
Affected
| ||||||
| Juniper Search vendor "Juniper" | Junos Space Search vendor "Juniper" for product "Junos Space" | 17.2 Search vendor "Juniper" for product "Junos Space" and version "17.2" | r1 |
Affected
| ||||||