Details of VAR-201504-0553

ID

VAR-201504-0553

CVE

CVE-2015-3005

TITLE

Juniper SRX Runs on series devices Juniper Junos of Dynamic VPN Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2015-002206

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the Dynamic VPN in Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, and 12.3X48 before 12.3X48-D10 on SRX series devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Juniper Junos is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Juniper Networks Junos on SRX Series devices is a set of network operating systems of Juniper Networks (Juniper Networks) running on SRX series service gateway devices. The operating system provides a secure programming interface and Junos SDK. The following versions are affected: Juniper Junos 12.1X44 prior to 12.1X44-D45, 12.1X46 prior to 12.1X46-D30, 12.1X47 prior to 12.1X47-D20, and 12.3X48 prior to 12.3X48-D10

Trust: 1.98

sources: NVD: CVE-2015-3005 // JVNDB: JVNDB-2015-002206 // BID: 74016 // VULHUB: VHN-80966

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	12.1x46	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x44	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x47	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x48	Trust: 1.6
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x44	Trust: 0.8
vendor:	juniper	model:	srx3400	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1x47-d20	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.3x48	Trust: 0.8
vendor:	juniper	model:	srx210	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	srx650	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1x46-d30	Trust: 0.8
vendor:	juniper	model:	srx550	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1x44-d45	Trust: 0.8
vendor:	juniper	model:	srx5800	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	srx100	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x46	Trust: 0.8
vendor:	juniper	model:	srx220	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	srx5600	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	srx110	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x47	Trust: 0.8
vendor:	juniper	model:	srx240	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	srx1400	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.3x48-d10	Trust: 0.8
vendor:	juniper	model:	srx3600	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	junos 12.1x44-d20	scope:	-	version:	-	Trust: 0.6
vendor:	juniper	model:	junos os 12.1x46-d25	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos os 12.1x46-d20	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x47-d15	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x47-d11	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x47-d10	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos d10	scope:	eq	version:	12.1x47	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d25	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d20.5	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d20	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d15	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d10	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos d25	scope:	eq	version:	12.1x46	Trust: 0.3
vendor:	juniper	model:	junos d20	scope:	eq	version:	12.1x46	Trust: 0.3
vendor:	juniper	model:	junos d15	scope:	eq	version:	12.1x46	Trust: 0.3
vendor:	juniper	model:	junos d10	scope:	eq	version:	12.1x46	Trust: 0.3
vendor:	juniper	model:	junos -d10	scope:	eq	version:	12.1x46	Trust: 0.3
vendor:	juniper	model:	junos 12.1x45-d20	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x45-d10	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d40	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d35	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d34	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d32	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d30.4	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d30	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d26	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d25	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d20.3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d15	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos d40	scope:	eq	version:	12.1x44	Trust: 0.3
vendor:	juniper	model:	junos d35	scope:	eq	version:	12.1x44	Trust: 0.3
vendor:	juniper	model:	junos d30	scope:	eq	version:	12.1x44	Trust: 0.3
vendor:	juniper	model:	junos d25	scope:	eq	version:	12.1x44	Trust: 0.3
vendor:	juniper	model:	junos d20	scope:	eq	version:	12.1x44	Trust: 0.3
vendor:	juniper	model:	junos d15	scope:	eq	version:	12.1x44	Trust: 0.3
vendor:	juniper	model:	junos d10	scope:	eq	version:	12.1x44	Trust: 0.3
vendor:	juniper	model:	junos 12.3x48-d10	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x47-d20	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d30	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d45	scope:	ne	version:	-	Trust: 0.3

sources: BID: 74016 // JVNDB: JVNDB-2015-002206 // CNNVD: CNNVD-201504-183 // NVD: CVE-2015-3005

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-3005
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-3005
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201504-183
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-80966
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-3005
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-80966
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-80966 // JVNDB: JVNDB-2015-002206 // CNNVD: CNNVD-201504-183 // NVD: CVE-2015-3005

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-80966 // JVNDB: JVNDB-2015-002206 // NVD: CVE-2015-3005

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-183

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201504-183

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002206

PATCH

title:

JSA10677

url:

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10677

Trust: 0.8

sources: JVNDB: JVNDB-2015-002206

EXTERNAL IDS

db:	NVD	id:	CVE-2015-3005	Trust: 2.8
db:	JUNIPER	id:	JSA10677	Trust: 1.7
db:	BID	id:	74016	Trust: 1.4
db:	SECTRACK	id:	1032089	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-002206	Trust: 0.8
db:	CNNVD	id:	CNNVD-201504-183	Trust: 0.7
db:	JUNIPER	id:	JSA10640	Trust: 0.3
db:	VULHUB	id:	VHN-80966	Trust: 0.1

sources: VULHUB: VHN-80966 // BID: 74016 // JVNDB: JVNDB-2015-002206 // CNNVD: CNNVD-201504-183 // NVD: CVE-2015-3005

REFERENCES

url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10677	Trust: 1.6
url:	http://www.securityfocus.com/bid/74016	Trust: 1.1
url:	http://www.securitytracker.com/id/1032089	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3005	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3005	Trust: 0.8
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10640	Trust: 0.3
url:	http://www.juniper.net/	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10677	Trust: 0.1

sources: VULHUB: VHN-80966 // BID: 74016 // JVNDB: JVNDB-2015-002206 // CNNVD: CNNVD-201504-183 // NVD: CVE-2015-3005

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 74016

SOURCES

db:	VULHUB	id:	VHN-80966
db:	BID	id:	74016
db:	JVNDB	id:	JVNDB-2015-002206
db:	CNNVD	id:	CNNVD-201504-183
db:	NVD	id:	CVE-2015-3005

LAST UPDATE DATE

2024-11-23T21:55:18.840000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-80966	date:	2016-12-03T00:00:00
db:	BID	id:	74016	date:	2015-04-09T00:00:00
db:	JVNDB	id:	JVNDB-2015-002206	date:	2015-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201504-183	date:	2015-04-14T00:00:00
db:	NVD	id:	CVE-2015-3005	date:	2024-11-21T02:28:29.587

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-80966	date:	2015-04-10T00:00:00
db:	BID	id:	74016	date:	2015-04-09T00:00:00
db:	JVNDB	id:	JVNDB-2015-002206	date:	2015-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201504-183	date:	2015-04-14T00:00:00
db:	NVD	id:	CVE-2015-3005	date:	2015-04-10T15:00:09.477