Lucene search
HistoryJan 25, 2024 - 11:15 p.m.
CVE-2024-21620
juniper networks
junos os
srx series
ex series
input handling vulnerability
command execution
administrator permissions.
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
8.9 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.0%
An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target’s permissions, including an administrator.
A specific invocation of the emit_debug_note method in webauth_operation.php will echo back the data it receives.
This issue affects Juniper Networks Junos OS on SRX Series and EX Series:
- All versions earlier than 20.4R3-S10;
- 21.2 versions earlier than 21.2R3-S8;
- 21.4 versions earlier than 21.4R3-S6;
- 22.1 versions earlier than 22.1R3-S5;
- 22.2 versions earlier than 22.2R3-S3;
- 22.3 versions earlier than 22.3R3-S2;
- 22.4 versions earlier than 22.4R3-S1;
- 23.2 versions earlier than 23.2R2;
- 23.4 versions earlier than 23.4R2.
Affected configurations
Node
juniperjunosRange<20.4
ORjuniperjunosMatch20.4-
ORjuniperjunosMatch20.4r1
ORjuniperjunosMatch20.4r1-s1
ORjuniperjunosMatch20.4r2
ORjuniperjunosMatch20.4r2-s1
ORjuniperjunosMatch20.4r2-s2
ORjuniperjunosMatch20.4r3
ORjuniperjunosMatch20.4r3-s1
ORjuniperjunosMatch20.4r3-s2
ORjuniperjunosMatch20.4r3-s3
ORjuniperjunosMatch20.4r3-s4
ORjuniperjunosMatch20.4r3-s5
ORjuniperjunosMatch20.4r3-s6
ORjuniperjunosMatch20.4r3-s7
ORjuniperjunosMatch20.4r3-s8
ORjuniperjunosMatch20.4r3-s9
ORjuniperjunosMatch21.2-
ORjuniperjunosMatch21.2r1
ORjuniperjunosMatch21.2r1-s1
ORjuniperjunosMatch21.2r1-s2
ORjuniperjunosMatch21.2r2
ORjuniperjunosMatch21.2r2-s1
ORjuniperjunosMatch21.2r2-s2
ORjuniperjunosMatch21.2r3
ORjuniperjunosMatch21.2r3-s1
ORjuniperjunosMatch21.2r3-s2
ORjuniperjunosMatch21.2r3-s3
ORjuniperjunosMatch21.2r3-s4
ORjuniperjunosMatch21.2r3-s5
ORjuniperjunosMatch21.2r3-s6
ORjuniperjunosMatch21.2r3-s7
ORjuniperjunosMatch21.4-
ORjuniperjunosMatch21.4r1
ORjuniperjunosMatch21.4r1-s1
ORjuniperjunosMatch21.4r1-s2
ORjuniperjunosMatch21.4r2
ORjuniperjunosMatch21.4r2-s1
ORjuniperjunosMatch21.4r2-s2
ORjuniperjunosMatch21.4r3
ORjuniperjunosMatch21.4r3-s1
ORjuniperjunosMatch21.4r3-s2
ORjuniperjunosMatch21.4r3-s3
ORjuniperjunosMatch21.4r3-s4
ORjuniperjunosMatch21.4r3-s5
ORjuniperjunosMatch22.1-
ORjuniperjunosMatch22.1r1
ORjuniperjunosMatch22.1r1-s1
ORjuniperjunosMatch22.1r1-s2
ORjuniperjunosMatch22.1r2
ORjuniperjunosMatch22.1r2-s1
ORjuniperjunosMatch22.1r2-s2
ORjuniperjunosMatch22.1r3
ORjuniperjunosMatch22.1r3-s1
ORjuniperjunosMatch22.1r3-s2
ORjuniperjunosMatch22.1r3-s3
ORjuniperjunosMatch22.1r3-s4
ORjuniperjunosMatch22.2-
ORjuniperjunosMatch22.2r1
ORjuniperjunosMatch22.2r1-s1
ORjuniperjunosMatch22.2r1-s2
ORjuniperjunosMatch22.2r2
ORjuniperjunosMatch22.2r2-s1
ORjuniperjunosMatch22.2r2-s2
ORjuniperjunosMatch22.2r3
ORjuniperjunosMatch22.2r3-s1
ORjuniperjunosMatch22.2r3-s2
ORjuniperjunosMatch22.3-
ORjuniperjunosMatch22.3r1
ORjuniperjunosMatch22.3r1-s1
ORjuniperjunosMatch22.3r1-s2
ORjuniperjunosMatch22.3r2
ORjuniperjunosMatch22.3r2-s1
ORjuniperjunosMatch22.3r2-s2
ORjuniperjunosMatch22.3r3
ORjuniperjunosMatch22.3r3-s1
ORjuniperjunosMatch22.4-
ORjuniperjunosMatch22.4r1
ORjuniperjunosMatch22.4r1-s1
ORjuniperjunosMatch22.4r1-s2
ORjuniperjunosMatch22.4r2
ORjuniperjunosMatch22.4r2-s1
ORjuniperjunosMatch22.4r2-s2
ORjuniperjunosMatch22.4r3
ORjuniperjunosMatch23.2-
ORjuniperjunosMatch23.2r1
ORjuniperjunosMatch23.2r1-s1
ORjuniperjunosMatch23.2r1-s2
ORjuniperjunosMatch23.4r1
juniperex_redundant_power_systemMatch-
ORjuniperex_rpsMatch-
ORjuniperex2200Match-
ORjuniperex2200-cMatch-
ORjuniperex2200-vcMatch-
ORjuniperex2300Match-
ORjuniperex2300-24mpMatch-
ORjuniperex2300-24pMatch-
ORjuniperex2300-24tMatch-
ORjuniperex2300-48mpMatch-
ORjuniperex2300-48pMatch-
ORjuniperex2300-48tMatch-
ORjuniperex2300-cMatch-
ORjuniperex2300_multigigabitMatch-
ORjuniperex2300mMatch-
ORjuniperex3200Match-
ORjuniperex3300Match-
ORjuniperex3300-vcMatch-
ORjuniperex3400Match-
ORjuniperex4100Match-
ORjuniperex4100-fMatch-
ORjuniperex4100_multigigabitMatch-
ORjuniperex4200Match-
ORjuniperex4200-vcMatch-
ORjuniperex4300Match-
ORjuniperex4300-24pMatch-
ORjuniperex4300-24p-sMatch-
ORjuniperex4300-24tMatch-
ORjuniperex4300-24t-sMatch-
ORjuniperex4300-32fMatch-
ORjuniperex4300-32f-dcMatch-
ORjuniperex4300-32f-sMatch-
ORjuniperex4300-48mpMatch-
ORjuniperex4300-48mp-sMatch-
ORjuniperex4300-48pMatch-
ORjuniperex4300-48p-sMatch-
ORjuniperex4300-48tMatch-
ORjuniperex4300-48t-afiMatch-
ORjuniperex4300-48t-dcMatch-
ORjuniperex4300-48t-dc-afiMatch-
ORjuniperex4300-48t-sMatch-
ORjuniperex4300-48tafiMatch-
ORjuniperex4300-48tdcMatch-
ORjuniperex4300-48tdc-afiMatch-
ORjuniperex4300-mpMatch-
ORjuniperex4300-vcMatch-
ORjuniperex4300_multigigabitMatch-
ORjuniperex4300mMatch-
ORjuniperex4400Match-
ORjuniperex4400-24xMatch-
ORjuniperex4400_multigigabitMatch-
ORjuniperex4500Match-
ORjuniperex4500-vcMatch-
ORjuniperex4550Match-
ORjuniperex4550-vcMatch-
ORjuniperex4550\/vcMatch-
ORjuniperex4600Match-
ORjuniperex4600-vcMatch-
ORjuniperex4650Match-
ORjuniperex6200Match-
ORjuniperex6210Match-
ORjuniperex8200Match-
ORjuniperex8200-vcMatch-
ORjuniperex8208Match-
ORjuniperex8216Match-
ORjuniperex9200Match-
ORjuniperex9204Match-
ORjuniperex9208Match-
ORjuniperex9214Match-
ORjuniperex9250Match-
ORjuniperex9251Match-
ORjuniperex9253Match-
ORjunipersrx100Match-
ORjunipersrx110Match-
ORjunipersrx1400Match-
ORjunipersrx1500Match-
ORjunipersrx1600Match-
ORjunipersrx210Match-
ORjunipersrx220Match-
ORjunipersrx2300Match-
ORjunipersrx240Match-
ORjunipersrx240h2Match-
ORjunipersrx240mMatch-
ORjunipersrx300Match-
ORjunipersrx320Match-
ORjunipersrx340Match-
ORjunipersrx3400Match-
ORjunipersrx345Match-
ORjunipersrx3600Match-
ORjunipersrx380Match-
ORjunipersrx4000Match-
ORjunipersrx4100Match-
ORjunipersrx4200Match-
ORjunipersrx4300Match-
ORjunipersrx4600Match-
ORjunipersrx4700Match-
ORjunipersrx5000Match-
ORjunipersrx5400Match-
ORjunipersrx550Match-
ORjunipersrx550_hmMatch-
ORjunipersrx550mMatch-
ORjunipersrx5600Match-
ORjunipersrx5800Match-
ORjunipersrx650Match-
References
Related
cve
cve
CVE-2024-21620
2024-01-25 23:15:09
cvelist
cvelist
prion
prion
Cross site scripting
2024-01-25 23:15:00
thn
thn
Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws
2024-01-30 05:01:00
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
8.9 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.0%
Related for NVD:CVE-2024-21620