Details of VAR-201407-0481

ID

VAR-201407-0481

CVE

CVE-2014-3821

TITLE

Juniper Junos of SRX Web Authentication Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2014-003347

DESCRIPTION

Cross-site scripting (XSS) vulnerability in SRX Web Authentication (webauth) in Juniper Junos 11.4 before 11.4R11, 12.1X44 before 12.1X44-D34, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Juniper Junos is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Juniper Junos is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware system. The operating system provides a secure programming interface and Junos SDK. The following versions are affected: Juniper Junos 11.4 prior to 11.4R11, 12.1X44 prior to 12.1X44-D34, 12.1X45 prior to 12.1X45-D25, 12.1X46 prior to 12.1X46-D20, 12.1X47-D10 prior 12.1X47 version

Trust: 2.07

sources: NVD: CVE-2014-3821 // JVNDB: JVNDB-2014-003347 // BID: 68548 // VULHUB: VHN-71761 // VULMON: CVE-2014-3821

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	12.1x47	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x46	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x45	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x44	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	11.4	Trust: 1.9
vendor:	juniper	model:	junos os	scope:	lt	version:	11.4 thats all 11.4r11	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x44 thats all 12.1x44-d34	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x45 thats all 12.1x45-d25	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x46 thats all 12.1x46-d20	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x47 thats all 12.1x47-d10	Trust: 0.8
vendor:	juniper	model:	junos 12.1x46-d10	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x45-d20	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x45-d10	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d32	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d30	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d26	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d20	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r9	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r8	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r10-s1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r10	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x47-d10	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d20	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x45-d25	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d34	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r11	scope:	ne	version:	-	Trust: 0.3

sources: BID: 68548 // JVNDB: JVNDB-2014-003347 // CNNVD: CNNVD-201407-285 // NVD: CVE-2014-3821

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3821
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3821
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201407-285
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71761
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2014-3821
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3821
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-71761
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-71761 // VULMON: CVE-2014-3821 // JVNDB: JVNDB-2014-003347 // CNNVD: CNNVD-201407-285 // NVD: CVE-2014-3821

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-71761 // JVNDB: JVNDB-2014-003347 // NVD: CVE-2014-3821

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-285

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201407-285

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003347

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-71761

PATCH

title:

JSA10640

url:

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10640

Trust: 0.8

sources: JVNDB: JVNDB-2014-003347

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3821	Trust: 2.9
db:	JUNIPER	id:	JSA10640	Trust: 2.1
db:	BID	id:	68548	Trust: 1.5
db:	SECTRACK	id:	1030563	Trust: 1.2
db:	JVNDB	id:	JVNDB-2014-003347	Trust: 0.8
db:	CNNVD	id:	CNNVD-201407-285	Trust: 0.7
db:	PACKETSTORM	id:	122532	Trust: 0.1
db:	VULHUB	id:	VHN-71761	Trust: 0.1
db:	VULMON	id:	CVE-2014-3821	Trust: 0.1

sources: VULHUB: VHN-71761 // VULMON: CVE-2014-3821 // BID: 68548 // JVNDB: JVNDB-2014-003347 // CNNVD: CNNVD-201407-285 // NVD: CVE-2014-3821

REFERENCES

url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10640	Trust: 2.0
url:	http://www.securityfocus.com/bid/68548	Trust: 1.2
url:	http://www.securitytracker.com/id/1030563	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3821	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3821	Trust: 0.8
url:	http://www.juniper.net/	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10640	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://www.rapid7.com/db/vulnerabilities/juniper-junos-os-jsa10640	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-71761 // VULMON: CVE-2014-3821 // BID: 68548 // JVNDB: JVNDB-2014-003347 // CNNVD: CNNVD-201407-285 // NVD: CVE-2014-3821

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 68548

SOURCES

db:	VULHUB	id:	VHN-71761
db:	VULMON	id:	CVE-2014-3821
db:	BID	id:	68548
db:	JVNDB	id:	JVNDB-2014-003347
db:	CNNVD	id:	CNNVD-201407-285
db:	NVD	id:	CVE-2014-3821

LAST UPDATE DATE

2025-04-13T23:27:37.156000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71761	date:	2014-07-18T00:00:00
db:	VULMON	id:	CVE-2014-3821	date:	2014-07-18T00:00:00
db:	BID	id:	68548	date:	2014-07-11T00:00:00
db:	JVNDB	id:	JVNDB-2014-003347	date:	2014-07-15T00:00:00
db:	CNNVD	id:	CNNVD-201407-285	date:	2014-07-14T00:00:00
db:	NVD	id:	CVE-2014-3821	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71761	date:	2014-07-11T00:00:00
db:	VULMON	id:	CVE-2014-3821	date:	2014-07-11T00:00:00
db:	BID	id:	68548	date:	2014-07-11T00:00:00
db:	JVNDB	id:	JVNDB-2014-003347	date:	2014-07-15T00:00:00
db:	CNNVD	id:	CNNVD-201407-285	date:	2014-07-14T00:00:00
db:	NVD	id:	CVE-2014-3821	date:	2014-07-11T20:55:02.670