Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-1673— Junos OS: Reflected Cross-site Scripting vulnerability in J-Web and web based (HTTP/HTTPS) services

CVSS 8.8 · High EPSS 1.41% · P81
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-1673

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Junos OS: Reflected Cross-site Scripting vulnerability in J-Web and web based (HTTP/HTTPS) services
Source: NVD (National Vulnerability Database)
Vulnerability Description
Insufficient Cross-Site Scripting (XSS) protection in Juniper Networks J-Web and web based (HTTP/HTTPS) services allows an unauthenticated attacker to hijack the target user's HTTP/HTTPS session and perform administrative actions on the Junos device as the targeted user. This issue only affects Juniper Networks Junos OS devices with HTTP/HTTPS services enabled such as J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP). Junos OS devices with HTTP/HTTPS services disabled are not affected. If HTTP/HTTPS services are enabled, the following command will show the httpd processes: user@device> show system processes | match http 5260 - S 0:00.13 /usr/sbin/httpd-gk -N 5797 - I 0:00.10 /usr/sbin/httpd --config /jail/var/etc/httpd.conf In order to successfully exploit this vulnerability, the attacker needs to convince the device administrator to take action such as clicking the crafted URL sent via phishing email or convince the administrator to input data in the browser console. This issue affects Juniper Networks Junos OS: 18.1 versions prior to 18.1R3-S1; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S5, 18.4R3-S2; 19.1 versions prior to 19.1R2-S2, 19.1R3-S1; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Juniper Networks Junos OS 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Juniper Networks Junos OS是美国瞻博网络(Juniper Networks)公司的一套专用于该公司的硬件设备的网络操作系统。该操作系统提供了安全编程接口和Junos SDK。 Junos OS 存在跨站脚本漏洞,攻击者可利用该漏洞可以通过J-Web的触发跨站脚本,以便在网站上下文中运行JavaScript代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Juniper NetworksJunos OS unspecified ~ 18.1R1 -

II. Public POCs for CVE-2020-1673

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-1673

登录查看更多情报信息。

Same Patch Batch · Juniper Networks · 2020-10-16 · 30 CVEs total

CVE-2020-16568.8 HIGHJunos OS: When a DHCPv6 Relay-Agent is configured upon receipt of a specific DHCPv6 client
CVE-2020-16608.3 HIGHJunos OS: MX Series: Receipt of specific packets can cause services card to restart when D
CVE-2020-16678.3 HIGHJunos OS: MX Series: Services card might restart due to a race condition when DNS filterin
CVE-2020-16758.3 HIGHJuniper Networks Mist Cloud UI: SAML authentication certificate vulnerability.
CVE-2020-16647.8 HIGHJunos OS: Buffer overflow vulnerability in device control daemon
CVE-2020-16577.5 HIGHJunos OS: SRX Series: An attacker sending spoofed packets to IPSec peers may cause a Denia
CVE-2020-16867.5 HIGHJunos OS: Kernel crash (vmcore) upon receipt of a malformed IPv6 packet.
CVE-2020-16847.5 HIGHJunos OS: SRX Series: High CPU load due to processing for HTTP traffic when Application Id
CVE-2020-16837.5 HIGHJunos OS: Memory leak leads to kernel crash (vmcore) due to SNMP polling
CVE-2020-16797.5 HIGHJunos OS: PTX/QFX Series: Kernel Routing Table (KRT) queue stuck after packet sampling a m
CVE-2020-16727.5 HIGHJunos OS: jdhcpd process crash when processing a specific DHCPDv6 packet in DHCPv6 relay c
CVE-2020-16717.5 HIGHJunos OS: Receipt of malformed DHCPv6 packets causes jdhcpd to crash.
CVE-2020-16627.5 HIGHJunos OS and Junos OS Evolved: RPD crash due to BGP session flapping.
CVE-2020-16767.2 HIGHJuniper Networks Mist Cloud UI: SAML authentication response handling vulnerability.
CVE-2020-16777.2 HIGHJuniper Networks Mist Cloud UI: SAML authentication attribute elements handling vulnerabil
CVE-2020-16666.6 MEDIUMJunos OS Evolved: 'console log-out-on-disconnect' fails to terminate session on console ca
CVE-2020-16816.5 MEDIUMJunos OS Evolved: Receipt of a specifically malformed NDP packet could lead to Denial of S
CVE-2020-16896.5 MEDIUMJunos OS: EX4300-MP/EX4600/QFX5K Series: High CPU load due to receipt of specific layer 2
CVE-2020-16886.5 MEDIUMJunos OS: SRX and NFX Series: Insufficient Web API private key protection
CVE-2020-16876.5 MEDIUMJunos OS: EX4300-MP/EX4600/QFX5K Series: High CPU load due to receipt of specific layer 2

Showing top 20 of 30 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Junos OS
Same vendor: Juniper Networks
Same weakness: CWE-79

V. Comments for CVE-2020-1673

No comments yet

Leave a comment