Details of VAR-202002-0776

ID

VAR-202002-0776

CVE

CVE-2014-6447

TITLE

Juniper Junos OS Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2014-008930

DESCRIPTION

Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). This affects Juniper Junos OS 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, 14.2 before 14.2R1, and 15.1 before 15.1R1. Juniper Junos OS Exists in a cross-site scripting vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Juniper Junos is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. The following products and versions are affected: Juniper Networks Junos OS 12.1X44 prior to 12.1X44-D45, 12.1X46 prior to 12.1X46-D30, 12.1X47 prior to 12.1X47-D20, 12.3 prior to 12.3R8, 12.3X48 - 12.3X48 before D10, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, 14.2R1 before 14.2 version, 15.1 version before 15.1R1

Trust: 1.98

sources: NVD: CVE-2014-6447 // JVNDB: JVNDB-2014-008930 // BID: 75717 // VULHUB: VHN-74391

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	12.1x47	Trust: 1.3
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x46	Trust: 1.3
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x44	Trust: 1.3
vendor:	juniper	model:	junos	scope:	eq	version:	13.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	14.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	13.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	14.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	12.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	12.3x48	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	14.1x53	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	15.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	13.3	Trust: 1.0
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1x44-d45	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1x46-d30	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1x47-d20	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.3r8	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.3x48-d10	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	13.1r5	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	13.2r6	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	13.3r4	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	14.1r3	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	14.1x53-d10	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	14.2r1	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	15.1r1	Trust: 0.8
vendor:	juniper	model:	junos 14.1r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.3r3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.3r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.3r1.7	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.3r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2r5	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2r4	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2r3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.1r4	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.1r3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.1r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.1r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3r7	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3r6	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3r5	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3r4	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3r3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x47-d15	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x47-d11	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x47-d10	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos d10	scope:	eq	version:	12.1x47	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d25	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d20	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d15	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos d25	scope:	eq	version:	12.1x46	Trust: 0.3
vendor:	juniper	model:	junos d20	scope:	eq	version:	12.1x46	Trust: 0.3
vendor:	juniper	model:	junos d15	scope:	eq	version:	12.1x46	Trust: 0.3
vendor:	juniper	model:	junos d10	scope:	eq	version:	12.1x46	Trust: 0.3
vendor:	juniper	model:	junos -d10	scope:	eq	version:	12.1x46	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d40	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d35	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d34	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d32	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d30.4	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d30	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d26	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d25	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d20.3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d20	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d15	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos d40	scope:	eq	version:	12.1x44	Trust: 0.3
vendor:	juniper	model:	junos d35	scope:	eq	version:	12.1x44	Trust: 0.3
vendor:	juniper	model:	junos d30	scope:	eq	version:	12.1x44	Trust: 0.3
vendor:	juniper	model:	junos d25	scope:	eq	version:	12.1x44	Trust: 0.3
vendor:	juniper	model:	junos d20	scope:	eq	version:	12.1x44	Trust: 0.3
vendor:	juniper	model:	junos d15	scope:	eq	version:	12.1x44	Trust: 0.3
vendor:	juniper	model:	junos d10	scope:	eq	version:	12.1x44	Trust: 0.3
vendor:	juniper	model:	junos 15.1r1	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.2r1	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1r3	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.3r4	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2r6	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.1r5	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3x48-d10	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3r8	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x47-d20	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d30	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d45	scope:	ne	version:	-	Trust: 0.3

sources: BID: 75717 // JVNDB: JVNDB-2014-008930 // NVD: CVE-2014-6447

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-6447
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2014-008930
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201507-681
value:	HIGH
Trust: 0.6
VULHUB:	VHN-74391
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-6447
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2014-008930
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-74391
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2014-6447
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	3.7
version:	3.1
Trust: 1.0
NVD:	JVNDB-2014-008930
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-74391 // JVNDB: JVNDB-2014-008930 // CNNVD: CNNVD-201507-681 // NVD: CVE-2014-6447

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-74391 // JVNDB: JVNDB-2014-008930 // NVD: CVE-2014-6447

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-681

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201507-681

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008930

PATCH

title:

JSA10682

url:

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10682

Trust: 0.8

sources: JVNDB: JVNDB-2014-008930

EXTERNAL IDS

db:	NVD	id:	CVE-2014-6447	Trust: 2.8
db:	SECTRACK	id:	1032846	Trust: 2.5
db:	JUNIPER	id:	JSA10682	Trust: 2.0
db:	JVNDB	id:	JVNDB-2014-008930	Trust: 0.8
db:	CNNVD	id:	CNNVD-201507-681	Trust: 0.7
db:	BID	id:	75717	Trust: 0.4
db:	VULHUB	id:	VHN-74391	Trust: 0.1

sources: VULHUB: VHN-74391 // BID: 75717 // JVNDB: JVNDB-2014-008930 // CNNVD: CNNVD-201507-681 // NVD: CVE-2014-6447

REFERENCES

url:	http://www.securitytracker.com/id/1032846	Trust: 2.5
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10682	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2014-6447	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6447	Trust: 0.8
url:	http://www.juniper.net/	Trust: 0.3
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10682&cat=sirt_1&actp=list	Trust: 0.3
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10682	Trust: 0.1

sources: VULHUB: VHN-74391 // BID: 75717 // JVNDB: JVNDB-2014-008930 // CNNVD: CNNVD-201507-681 // NVD: CVE-2014-6447

CREDITS

Kyle Lovett

Trust: 0.9

sources: BID: 75717 // CNNVD: CNNVD-201507-681

SOURCES

db:	VULHUB	id:	VHN-74391
db:	BID	id:	75717
db:	JVNDB	id:	JVNDB-2014-008930
db:	CNNVD	id:	CNNVD-201507-681
db:	NVD	id:	CVE-2014-6447

LAST UPDATE DATE

2024-11-23T22:05:48.061000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-74391	date:	2020-02-25T00:00:00
db:	BID	id:	75717	date:	2015-07-13T00:00:00
db:	JVNDB	id:	JVNDB-2014-008930	date:	2020-03-09T00:00:00
db:	CNNVD	id:	CNNVD-201507-681	date:	2020-02-26T00:00:00
db:	NVD	id:	CVE-2014-6447	date:	2024-11-21T02:14:24.100

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-74391	date:	2020-02-11T00:00:00
db:	BID	id:	75717	date:	2015-07-13T00:00:00
db:	JVNDB	id:	JVNDB-2014-008930	date:	2020-03-09T00:00:00
db:	CNNVD	id:	CNNVD-201507-681	date:	2015-07-21T00:00:00
db:	NVD	id:	CVE-2014-6447	date:	2020-02-11T17:15:11.703