Sign-up

ID

VAR-201710-0042


CVE

CVE-2016-4923


TITLE

Juniper Networks Junos OS Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2016-008841

DESCRIPTION

Insufficient cross site scripting protection in J-Web component in Juniper Networks Junos OS may potentially allow a remote unauthenticated user to inject web script or HTML and steal sensitive data and credentials from a J-Web session and to perform administrative actions on the Junos device. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. Affected releases are Juniper Networks Junos OS 11.4 prior to 11.4R13-S3; 12.1X44 prior to 12.1X44-D60; 12.1X46 prior to 12.1X46-D40; 12.1X47 prior to 12.1X47-D30; 12.3 prior to 12.3R11; 12.3X48 prior to 12.3X48-D20; 13.2X51 prior to 13.2X51-D39, 13.2X51-D40; 13.3 prior to 13.3R9; 14.1 prior to 14.1R6; 14.2 prior to 14.2R6; 15.1 prior to 15.1R3; 15.1X49 prior to 15.1X49-D20; 15.1X53 prior to 15.1X53-D57. Juniper Networks Junos OS Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Juniper Junos is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Juniper Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK. J-Web is one of the network management tools. The following versions are affected: Juniper Junos OS Release 11.4, Release 12.1X44, Release 12.1X46, Release 12.1X47, Release 12.3, Release 12.3X48, Release 13.2X51, Release 13.3, Release 14.1, Release 14.2, Release 15.1, Release 15.1X49, 15.1X53 version

Trust: 1.98

sources: NVD: CVE-2016-4923 // JVNDB: JVNDB-2016-008841 // BID: 93529 // VULHUB: VHN-93742

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:15.1

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:11.4

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:13.3

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:15.1x53

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:15.1x49

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:12.1x47

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:12.1x44

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:14.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:11.4r13

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:14.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:12.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:12.3x48

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:12.1x46

Trust: 1.0

vendor:junipermodel:junos osscope:eqversion:12.1x44-d60

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.3r11

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.1x44

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.3x48

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:11.4r13-s3

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:13.2x51-d39

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:11.4

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1x53-d57

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.3

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:13.2x51-d40

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:14.2

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:13.3

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.1r6

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:14.1

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.1x47-d30

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1x49-d20

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.1x46

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:14.2r6

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.1x46-d40

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.3x48-d20

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.1x47

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1x49

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1x53

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:13.3r9

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:13.2x51

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:15.1

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:15.1r3

Trust: 0.8

vendor:junipermodel:junosscope:eqversion:16.1

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 15.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r2.8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.2r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 14.1r1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r7-s3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r4.6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.3r3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.2x51-d36scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.2x51-d30.4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.2x51-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.2x51-d27.2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.2x51-d26scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.2x51-d25.2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.2x51-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.2x51-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.2x51-d15.5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 13.2x51-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r10.2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.3r1.8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d23scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d11scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d37scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d36scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d26scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d20.5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d55scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d52scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d51scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d50scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d45scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d41scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d40scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d35.5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d34scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d33scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d32scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d30.4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d26scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d24scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d20.3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d15scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 16.1r1scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1x49-d20scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 15.1r3scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.2r6scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 14.1r6scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 13.3r9scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 13.2x51-d40scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 13.2x51-d39scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.3x48-d20scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.3r11scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d30scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d40scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d60scope:neversion: -

Trust: 0.3

sources: BID: 93529 // JVNDB: JVNDB-2016-008841 // CNNVD: CNNVD-201710-523 // NVD: CVE-2016-4923

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4923
value: MEDIUM

Trust: 1.0

sirt@juniper.net: CVE-2016-4923
value: HIGH

Trust: 1.0

NVD: CVE-2016-4923
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201710-523
value: MEDIUM

Trust: 0.6

VULHUB: VHN-93742
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-4923
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-93742
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4923
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sirt@juniper.net: CVE-2016-4923
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-93742 // JVNDB: JVNDB-2016-008841 // CNNVD: CNNVD-201710-523 // NVD: CVE-2016-4923 // NVD: CVE-2016-4923

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-93742 // JVNDB: JVNDB-2016-008841 // NVD: CVE-2016-4923

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-523

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201710-523

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008841

PATCH
title:JSA10764url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10764&actp=METADATA
Trust: 0.8
title:Juniper Junos OS J-Web Fixes for component cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75559
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-008841 // 
            
            
            
            CNNVD: CNNVD-201710-523

EXTERNAL IDS
db:NVDid:CVE-2016-4923
Trust: 2.8
db:BIDid:93529
Trust: 2.0
db:JUNIPERid:JSA10764
Trust: 2.0
db:JVNDBid:JVNDB-2016-008841
Trust: 0.8
db:CNNVDid:CNNVD-201710-523
Trust: 0.7
db:VULHUBid:VHN-93742
Trust: 0.1
sources:
            
            
            VULHUB: VHN-93742 // 
            
            
            
            BID: 93529 // 
            
            
            
            JVNDB: JVNDB-2016-008841 // 
            
            
            
            CNNVD: CNNVD-201710-523 // 
            
            
            
            NVD: CVE-2016-4923

REFERENCES
url:http://www.securityfocus.com/bid/93529
Trust: 1.7
url:https://kb.juniper.net/jsa10764
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4923
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-4923
Trust: 0.8
url:http://www.juniper.net/
Trust: 0.3
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10764&actp=search
Trust: 0.3
sources:
            
            
            VULHUB: VHN-93742 // 
            
            
            
            BID: 93529 // 
            
            
            
            JVNDB: JVNDB-2016-008841 // 
            
            
            
            CNNVD: CNNVD-201710-523 // 
            
            
            
            NVD: CVE-2016-4923

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 93529

SOURCES
db:VULHUBid:VHN-93742
db:BIDid:93529
db:JVNDBid:JVNDB-2016-008841
db:CNNVDid:CNNVD-201710-523
db:NVDid:CVE-2016-4923

LAST UPDATE DATE
2024-11-23T22:07:15.095000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-93742date:2019-10-09T00:00:00
db:BIDid:93529date:2016-10-26T09:06:00
db:JVNDBid:JVNDB-2016-008841date:2017-11-09T00:00:00
db:CNNVDid:CNNVD-201710-523date:2019-10-17T00:00:00
db:NVDid:CVE-2016-4923date:2024-11-21T02:53:14.650

SOURCES RELEASE DATE
db:VULHUBid:VHN-93742date:2017-10-13T00:00:00
db:BIDid:93529date:2016-10-12T00:00:00
db:JVNDBid:JVNDB-2016-008841date:2017-11-09T00:00:00
db:CNNVDid:CNNVD-201710-523date:2017-10-18T00:00:00
db:NVDid:CVE-2016-4923date:2017-10-13T17:29:00.330