Details of VAR-201404-0632

ID

VAR-201404-0632

CVE

CVE-2014-2712

TITLE

Juniper Junos of J-Web Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2014-002019

DESCRIPTION

Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R10, 11.4 before 11.4R11, 12.1 before 12.1R9, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, and 12.2 before 12.2R1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to index.php. Juniper Junos is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Juniper Junos 11.4, 12.1, 12.1X44, and 12.1X45 are vulnerable. Juniper Networks Junos is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware system. The operating system provides a secure programming interface and Junos SDK. J-Web is a network management tool for routers or switches using Junos. The following versions are affected: Juniper Networks Junos 10.0, 10.4, 11.4, 12.1x44, 12.1x45, 12.1x46, 12.1, 12.2

Trust: 1.98

sources: NVD: CVE-2014-2712 // JVNDB: JVNDB-2014-002019 // BID: 66767 // VULHUB: VHN-70651

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	12.1x45	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x44	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	12.1	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	11.4	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x46	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	10.4	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	10.0	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	12.2	Trust: 1.6
vendor:	juniper	model:	junos os	scope:	eq	version:	10.4r10	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1r9	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x45	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	11.4r11	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x46	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x44	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	10.4	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1x44-d30	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1x46-d10	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.2	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.2r1	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	11.4	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1x45-d20	Trust: 0.8
vendor:	juniper	model:	junos 12.2r1	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d10	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x45-d20	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d30	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1r9	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r11	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 10.4r10	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 10.0s25	scope:	ne	version:	-	Trust: 0.3

sources: BID: 66767 // JVNDB: JVNDB-2014-002019 // CNNVD: CNNVD-201404-189 // NVD: CVE-2014-2712

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2712
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-2712
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201404-189
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-70651
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-2712
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-70651
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-70651 // JVNDB: JVNDB-2014-002019 // CNNVD: CNNVD-201404-189 // NVD: CVE-2014-2712

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-70651 // JVNDB: JVNDB-2014-002019 // NVD: CVE-2014-2712

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-189

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201404-189

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002019

PATCH

title:

JSA10521

url:

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10521

Trust: 0.8

sources: JVNDB: JVNDB-2014-002019

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2712	Trust: 2.8
db:	BID	id:	66767	Trust: 2.2
db:	JUNIPER	id:	JSA10521	Trust: 2.0
db:	SECUNIA	id:	57790	Trust: 1.4
db:	SECTRACK	id:	1030058	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-002019	Trust: 0.8
db:	CNNVD	id:	CNNVD-201404-189	Trust: 0.7
db:	VULHUB	id:	VHN-70651	Trust: 0.1

sources: VULHUB: VHN-70651 // BID: 66767 // JVNDB: JVNDB-2014-002019 // CNNVD: CNNVD-201404-189 // NVD: CVE-2014-2712

REFERENCES

url:	http://www.securityfocus.com/bid/66767	Trust: 1.9
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10521	Trust: 1.9
url:	http://www.securitytracker.com/id/1030058	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2712	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2712	Trust: 0.8
url:	http://secunia.com/advisories/57790/	Trust: 0.8
url:	http://secunia.com/advisories/57790	Trust: 0.6
url:	http://www.juniper.net/	Trust: 0.3
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10521	Trust: 0.1

sources: VULHUB: VHN-70651 // BID: 66767 // JVNDB: JVNDB-2014-002019 // CNNVD: CNNVD-201404-189 // NVD: CVE-2014-2712

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 66767

SOURCES

db:	VULHUB	id:	VHN-70651
db:	BID	id:	66767
db:	JVNDB	id:	JVNDB-2014-002019
db:	CNNVD	id:	CNNVD-201404-189
db:	NVD	id:	CVE-2014-2712

LAST UPDATE DATE

2025-04-13T23:41:29.185000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-70651	date:	2015-10-08T00:00:00
db:	BID	id:	66767	date:	2014-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2014-002019	date:	2014-04-16T00:00:00
db:	CNNVD	id:	CNNVD-201404-189	date:	2014-04-17T00:00:00
db:	NVD	id:	CVE-2014-2712	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-70651	date:	2014-04-14T00:00:00
db:	BID	id:	66767	date:	2014-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2014-002019	date:	2014-04-16T00:00:00
db:	CNNVD	id:	CNNVD-201404-189	date:	2014-04-17T00:00:00
db:	NVD	id:	CVE-2014-2712	date:	2014-04-14T15:09:06.367