Details of VAR-201404-0649

ID

VAR-201404-0649

CVE

CVE-2014-2711

TITLE

Juniper Junos of J-Web Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2014-002018

DESCRIPTION

Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 11.4R11, 11.4X27 before 11.4X27.62 (BBE), 12.1 before 12.1R9, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.2 before 12.2R7, 12.3 before 12.3R6, 13.1 before 13.1R4, 13.2 before 13.2R3, and 13.3 before 13.3R1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Juniper Junos is prone to an HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. Juniper Networks Junos is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware system. The operating system provides a secure programming interface and Junos SDK. J-Web is a network management tool for routers or switches using Junos. The following releases are affected: Juniper Networks Junos Release 13.1 through 13.3, Release 12.1 through 12.3, 12.1x44, 12.1x45, 12.1x46, 11.4, 11.4x27

Trust: 2.07

sources: NVD: CVE-2014-2711 // JVNDB: JVNDB-2014-002018 // BID: 66770 // VULHUB: VHN-70650 // VULMON: CVE-2014-2711

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	12.2	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	12.3	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	13.1	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	11.4x27	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	12.1	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	13.2	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x44	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	11.4	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x46	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x45	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	13.3	Trust: 1.3
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x44	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	11.4x27	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.2r7	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.3	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	13.3r1	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	13.3	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1x45-d25	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1x44-d35	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	13.2	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	13.1	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	13.2r3	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1r9	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x45	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1x46-d20	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x46	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.2	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	13.1r4	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.3r6	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	11.4x27.62 (bbe)	Trust: 0.8
vendor:	juniper	model:	junos 13.1r3-s1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d35	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.2r7	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3r4-s3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d26	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x45-d25	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3r4-s2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2r2-s2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3r6	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d20	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1r9	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1r8-s2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r10-s1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d20	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2r3	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1r8-s3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r9	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d30	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r8	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d10	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.1r4	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.2r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1r	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.1r.3-s1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.3r1	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1r7	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3r5	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos	scope:	ne	version:	11.4x27.62	Trust: 0.3
vendor:	juniper	model:	junos 11.4r10	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r11	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x45-d10	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x45-d20	scope:	-	version:	-	Trust: 0.3

sources: BID: 66770 // JVNDB: JVNDB-2014-002018 // CNNVD: CNNVD-201404-188 // NVD: CVE-2014-2711

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2711
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-2711
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201404-188
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-70650
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2014-2711
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-2711
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-70650
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-70650 // VULMON: CVE-2014-2711 // JVNDB: JVNDB-2014-002018 // CNNVD: CNNVD-201404-188 // NVD: CVE-2014-2711

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-70650 // JVNDB: JVNDB-2014-002018 // NVD: CVE-2014-2711

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-188

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201404-188

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002018

PATCH

title:

JSA10619

url:

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10619

Trust: 0.8

sources: JVNDB: JVNDB-2014-002018

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2711	Trust: 2.9
db:	BID	id:	66770	Trust: 2.3
db:	JUNIPER	id:	JSA10619	Trust: 2.1
db:	SECUNIA	id:	57788	Trust: 1.4
db:	SECTRACK	id:	1030061	Trust: 1.2
db:	JVNDB	id:	JVNDB-2014-002018	Trust: 0.8
db:	CNNVD	id:	CNNVD-201404-188	Trust: 0.7
db:	SEEBUG	id:	SSVID-62147	Trust: 0.1
db:	VULHUB	id:	VHN-70650	Trust: 0.1
db:	VULMON	id:	CVE-2014-2711	Trust: 0.1

sources: VULHUB: VHN-70650 // VULMON: CVE-2014-2711 // BID: 66770 // JVNDB: JVNDB-2014-002018 // CNNVD: CNNVD-201404-188 // NVD: CVE-2014-2711

REFERENCES

url:	http://www.securityfocus.com/bid/66770	Trust: 2.0
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10619	Trust: 2.0
url:	http://www.securitytracker.com/id/1030061	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2711	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2711	Trust: 0.8
url:	http://secunia.com/advisories/57788/	Trust: 0.8
url:	http://secunia.com/advisories/57788	Trust: 0.6
url:	http://www.juniper.net/	Trust: 0.3
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10619	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=33730	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-70650 // VULMON: CVE-2014-2711 // BID: 66770 // JVNDB: JVNDB-2014-002018 // CNNVD: CNNVD-201404-188 // NVD: CVE-2014-2711

CREDITS

Chuck McAuley

Trust: 0.3

sources: BID: 66770

SOURCES

db:	VULHUB	id:	VHN-70650
db:	VULMON	id:	CVE-2014-2711
db:	BID	id:	66770
db:	JVNDB	id:	JVNDB-2014-002018
db:	CNNVD	id:	CNNVD-201404-188
db:	NVD	id:	CVE-2014-2711

LAST UPDATE DATE

2025-04-13T23:35:17.283000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-70650	date:	2015-10-08T00:00:00
db:	VULMON	id:	CVE-2014-2711	date:	2015-10-08T00:00:00
db:	BID	id:	66770	date:	2014-04-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-002018	date:	2014-04-16T00:00:00
db:	CNNVD	id:	CNNVD-201404-188	date:	2014-04-17T00:00:00
db:	NVD	id:	CVE-2014-2711	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-70650	date:	2014-04-14T00:00:00
db:	VULMON	id:	CVE-2014-2711	date:	2014-04-14T00:00:00
db:	BID	id:	66770	date:	2014-04-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-002018	date:	2014-04-16T00:00:00
db:	CNNVD	id:	CNNVD-201404-188	date:	2014-04-17T00:00:00
db:	NVD	id:	CVE-2014-2711	date:	2014-04-14T15:09:06.333