Details of VAR-201305-0317

ID

VAR-201305-0317

CVE

CVE-2013-3498

TITLE

Juniper SmartPass WLAN Security Management Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2013-002610

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Juniper SmartPass WLAN Security Management before 7.7 MR3 and 8.0 before MR2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Juniper Networks SmartPass is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. SmartPass 8.0 MR1 and 7.7 MR2 are vulnerable. Juniper Networks SmartPass is a security management application of Juniper Networks (Juniper Networks), which can implement dynamic access control on all users and devices on the wireless LAN

Trust: 1.98

sources: NVD: CVE-2013-3498 // JVNDB: JVNDB-2013-002610 // BID: 59757 // VULHUB: VHN-63500

AFFECTED PRODUCTS

vendor:	juniper	model:	smartpass	scope:	eq	version:	8.0	Trust: 1.6
vendor:	juniper	model:	smartpass	scope:	eq	version:	7.7	Trust: 1.6
vendor:	juniper	model:	smartpass	scope:	lt	version:	8.0	Trust: 0.8
vendor:	juniper	model:	smartpass	scope:	eq	version:	mr2	Trust: 0.8
vendor:	juniper	model:	smartpass mr1	scope:	eq	version:	8.0	Trust: 0.3
vendor:	juniper	model:	smartpass mr2	scope:	eq	version:	7.7	Trust: 0.3
vendor:	juniper	model:	smartpass mr2	scope:	ne	version:	8.0	Trust: 0.3
vendor:	juniper	model:	smartpass mr3	scope:	ne	version:	7.7	Trust: 0.3

sources: BID: 59757 // JVNDB: JVNDB-2013-002610 // CNNVD: CNNVD-201305-181 // NVD: CVE-2013-3498

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3498
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-3498
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201305-181
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-63500
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-3498
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-63500
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-63500 // JVNDB: JVNDB-2013-002610 // CNNVD: CNNVD-201305-181 // NVD: CVE-2013-3498

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-63500 // JVNDB: JVNDB-2013-002610 // NVD: CVE-2013-3498

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-181

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201305-181

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002610

PATCH

title:	SmartPass	url:	http://www.juniper.net/jp/jp/products-services/software/security/smartpass/	Trust: 0.8
title:	KB27375	url:	https://kb.juniper.net/InfoCenter/index?page=content&id=KB27375	Trust: 0.8

sources: JVNDB: JVNDB-2013-002610

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3498	Trust: 2.8
db:	SECUNIA	id:	53359	Trust: 1.1
db:	SECTRACK	id:	1028529	Trust: 1.1
db:	JUNIPER	id:	JSA10568	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-002610	Trust: 0.8
db:	CNNVD	id:	CNNVD-201305-181	Trust: 0.7
db:	BID	id:	59757	Trust: 0.4
db:	VULHUB	id:	VHN-63500	Trust: 0.1

sources: VULHUB: VHN-63500 // BID: 59757 // JVNDB: JVNDB-2013-002610 // CNNVD: CNNVD-201305-181 // NVD: CVE-2013-3498

REFERENCES

url:	http://www.securitytracker.com/id/1028529	Trust: 1.1
url:	http://secunia.com/advisories/53359	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/84110	Trust: 1.1
url:	https://supportportal.juniper.net/jsa10568	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3498	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3498	Trust: 0.8
url:	https://kb.juniper.net/kb27375	Trust: 0.7
url:	http://www.juniper.net/	Trust: 0.3
url:	http://www.juniper.net/us/en/products-services/software/security/smartpass/	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=kb27375	Trust: 0.3

sources: VULHUB: VHN-63500 // BID: 59757 // JVNDB: JVNDB-2013-002610 // CNNVD: CNNVD-201305-181 // NVD: CVE-2013-3498

CREDITS

Ross Bushby of KRYPSYS

Trust: 0.3

sources: BID: 59757

SOURCES

db:	VULHUB	id:	VHN-63500
db:	BID	id:	59757
db:	JVNDB	id:	JVNDB-2013-002610
db:	CNNVD	id:	CNNVD-201305-181
db:	NVD	id:	CVE-2013-3498

LAST UPDATE DATE

2025-04-11T23:07:17.034000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-63500	date:	2017-08-29T00:00:00
db:	BID	id:	59757	date:	2013-05-08T00:00:00
db:	JVNDB	id:	JVNDB-2013-002610	date:	2013-05-10T00:00:00
db:	CNNVD	id:	CNNVD-201305-181	date:	2013-05-09T00:00:00
db:	NVD	id:	CVE-2013-3498	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-63500	date:	2013-05-08T00:00:00
db:	BID	id:	59757	date:	2013-05-08T00:00:00
db:	JVNDB	id:	JVNDB-2013-002610	date:	2013-05-10T00:00:00
db:	CNNVD	id:	CNNVD-201305-181	date:	2013-05-09T00:00:00
db:	NVD	id:	CVE-2013-3498	date:	2013-05-08T23:55:01.107