Lucene search

PRIOn knowledge basePRION:CVE-2024-21620

HistoryJan 25, 2024 - 11:15 p.m.

Cross site scripting

2024-01-2523:15:00

PRIOn knowledge base

www.prio-n.com

improper neutralization input

web page generation

command execution

administrator permissions

j-web

emit_debug_note method

webauth_operation.php

security advisory

nvd

7.5 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.0%

JSON

An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target’s permissions, including an administrator.

A specific invocation of the emit_debug_note method in webauth_operation.php will echo back the data it receives.

This issue affects Juniper Networks Junos OS on SRX Series and EX Series:

All versions earlier than 20.4R3-S10;
21.2 versions earlier than 21.2R3-S8;
21.4 versions earlier than 21.4R3-S6;
22.1 versions earlier than 22.1R3-S5;
22.2 versions earlier than 22.2R3-S3;
22.3 versions earlier than 22.3R3-S2;
22.4 versions earlier than 22.4R3-S1;
23.2 versions earlier than 23.2R2;
23.4 versions earlier than 23.4R2.

CPENameOperatorVersion
junoslt20.4
junoseq20.4
junoseq20.4
junoseq20.4
junoseq20.4
junoseq20.4
junoseq20.4 r1
junoseq20.4
junoseq20.4 r2
junoseq20.4

Name	Operator	Version
junos	lt	20.4
junos	eq	20.4
junos	eq	20.4
junos	eq	20.4
junos	eq	20.4
junos	eq	20.4
junos	eq	20.4 r1
junos	eq	20.4
junos	eq	20.4 r2
junos	eq	20.4

Rows per page:

1-10 of 891

References

supportportal.juniper.net/JSA76390