Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2018-0046— Junos Space: Reflected Cross-site Scripting vulnerability in OpenNMS

AI Predicted 5.4 Difficulty: Easy EPSS 1.65% · P74
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-0046

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Junos Space: Reflected Cross-site Scripting vulnerability in OpenNMS
Source: NVD (National Vulnerability Database)
Vulnerability Description
A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Juniper Junos Space OpenNMS 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Juniper Junos Space是美国瞻博网络(Juniper Networks)公司的一套网络管理解决方案。该方案支持在设备和服务的整个生命周期内对其进行自动配置、监控和故障排除。OpenNMS是其中的一套网络管理系统。 Juniper Junos Space 18.2R1之前版本中的OpenNMS存在跨站脚本漏洞。远程攻击者可利用该漏洞窃取敏感信息/会话凭证或执行管理操作。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Juniper NetworksJunos Space unspecified ~ 18.2R1 -

II. Public POCs for CVE-2018-0046

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2018-0046

登录查看更多情报信息。

Patches & Fixes for CVE-2018-0046 (1)

Vendor Advisories for CVE-2018-0046 (3)

Same Patch Batch · Juniper Networks · 2018-10-10 · 21 CVEs total

CVE-2018-0054QFX5000/EX4600 Series: Routing protocol flap upon receipt of high rate of Ethernet frames
CVE-2018-0063Junos OS: Nexthop index allocation failed: private index space exhausted after incoming AR
CVE-2018-0062Junos OS: Denial of Service in J-Web
CVE-2018-0061Junos OS: Denial of service in telnetd
CVE-2018-0060Junos OS: Invalid IP/mask learned from DHCP server might cause device control daemon (dcd)
CVE-2018-0059ScreenOS: Stored Cross-Site Scripting (XSS) vulnerability
CVE-2018-0058MX Series: In BBE configurations, receipt of a crafted IPv6 exception packet causes a Deni
CVE-2018-0057Junos OS: authd allows assignment of IP address requested by DHCP subscriber logging in wi
CVE-2018-0056MX Series: L2ALD daemon may crash if a duplicate MAC is learned by two different interface
CVE-2018-0055Junos OS: jdhcpd process crash during processing of specially crafted DHCPv6 message
CVE-2018-0043Junos OS: RPD daemon crashes upon receipt of specific MPLS packet
CVE-2018-0053vSRX Series: A local authentication vulnerability may lead to full control of a vSRX insta
CVE-2018-0052Junos OS: Unauthenticated remote root access possible when RSH service is enabled
CVE-2018-0051Junos OS: Denial of Service vulnerability in MS-PIC, MS-MIC, MS-MPC, MS-DPC and SRX flow d
CVE-2018-0050Junos OS: Receipt of a malformed MPLS RSVP packet leads to a Routing Protocols Daemon (RPD
CVE-2018-0049Junos OS: Receipt of a specifically crafted malicious MPLS packet leads to a Junos kernel
CVE-2018-0048Junos OS: Memory exhaustion denial of service vulnerability in Routing Protocols Daemon (R
CVE-2018-0047Junos Space Security Director: XSS vulnerability in web administration
CVE-2018-0045Junos OS: RPD daemon crashes due to receipt of specific Draft-Rosen MVPN control packet in
CVE-2018-0044NFX Series: Insecure sshd configuration in Juniper Device Manager (JDM) and host OS

IV. Related Vulnerabilities

V. Comments for CVE-2018-0046

No comments yet


Leave a comment