CVE-2014-2711

2014-04-1415:09:06

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-2711

cross-site scripting

xss vulnerability

juniper junos

security

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.9%

JSON

Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 11.4R11, 11.4X27 before 11.4X27.62 (BBE), 12.1 before 12.1R9, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.2 before 12.2R7, 12.3 before 12.3R6, 13.1 before 13.1R4, 13.2 before 13.2R3, and 13.3 before 13.3R1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

NVD

Node

juniperjunosMatch11.4

juniperjunosMatch11.4x27

juniperjunosMatch12.1

juniperjunosMatch12.1x44

juniperjunosMatch12.1x45

juniperjunosMatch12.1x46

juniperjunosMatch12.2

juniperjunosMatch12.3

juniperjunosMatch13.1

juniperjunosMatch13.2

juniperjunosMatch13.3

CPENameOperatorVersion
juniper:junosjuniper junoseq11.4
juniper:junosjuniper junoseq11.4x27
juniper:junosjuniper junoseq12.1
juniper:junosjuniper junoseq12.1x44
juniper:junosjuniper junoseq12.1x45
juniper:junosjuniper junoseq12.1x46
juniper:junosjuniper junoseq12.2
juniper:junosjuniper junoseq12.3
juniper:junosjuniper junoseq13.1
juniper:junosjuniper junoseq13.2

CPE	Name	Operator	Version
juniper:junos	juniper junos	eq	11.4
juniper:junos	juniper junos	eq	11.4x27
juniper:junos	juniper junos	eq	12.1
juniper:junos	juniper junos	eq	12.1x44
juniper:junos	juniper junos	eq	12.1x45
juniper:junos	juniper junos	eq	12.1x46
juniper:junos	juniper junos	eq	12.2
juniper:junos	juniper junos	eq	12.3
juniper:junos	juniper junos	eq	13.1
juniper:junos	juniper junos	eq	13.2