TROYANOSYVIRUS
Volver a CVEs

CVE-2021-31373

HIGH
8.0

Descripcion

A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series, J-Web interface may allow a remote authenticated user to inject persistent and malicious scripts. An attacker can exploit this vulnerability to steal sensitive data and credentials from a web administration session, or hijack another user's active session to perform administrative actions. This issue affects: Juniper Networks Junos OS on SRX Series: 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R2-S1, 20.3R3.

Detalles CVE

Puntuacion CVSS v3.18.0
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioREQUIRED
Publicado10/19/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0

Productos afectados

juniper:junosjuniper:srx100juniper:srx110juniper:srx1400juniper:srx1500juniper:srx210juniper:srx220juniper:srx240juniper:srx240h2juniper:srx300juniper:srx320juniper:srx340juniper:srx3400juniper:srx345juniper:srx3600juniper:srx380juniper:srx4000juniper:srx4100juniper:srx4200juniper:srx4600juniper:srx5000juniper:srx5400juniper:srx550juniper:srx550_hmjuniper:srx550mjuniper:srx5600juniper:srx5800juniper:srx650

Debilidades (CWE)

CWE-20CWE-79CWE-79

Referencias

https://kb.juniper.net/JSA11238(sirt@juniper.net)
https://kb.juniper.net/JSA11238(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.