Details of VAR-202010-0404

ID

VAR-202010-0404

CVE

CVE-2020-1673

TITLE

Juniper Networks Junos OS Cross-site Scripting Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-012203

DESCRIPTION

Insufficient Cross-Site Scripting (XSS) protection in Juniper Networks J-Web and web based (HTTP/HTTPS) services allows an unauthenticated attacker to hijack the target user's HTTP/HTTPS session and perform administrative actions on the Junos device as the targeted user. This issue only affects Juniper Networks Junos OS devices with HTTP/HTTPS services enabled such as J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP). Junos OS devices with HTTP/HTTPS services disabled are not affected. If HTTP/HTTPS services are enabled, the following command will show the httpd processes: user@device> show system processes | match http 5260 - S 0:00.13 /usr/sbin/httpd-gk -N 5797 - I 0:00.10 /usr/sbin/httpd --config /jail/var/etc/httpd.conf In order to successfully exploit this vulnerability, the attacker needs to convince the device administrator to take action such as clicking the crafted URL sent via phishing email or convince the administrator to input data in the browser console. This issue affects Juniper Networks Junos OS: 18.1 versions prior to 18.1R3-S1; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S5, 18.4R3-S2; 19.1 versions prior to 19.1R2-S2, 19.1R3-S1; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1. Juniper Networks Junos OS Contains a cross-site scripting vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. The operating system provides a secure programming interface and Junos SDK. There is a cross-site scripting vulnerability in Junos OS, which can be exploited by attackers to trigger cross-site scripting through J-Web to run JavaScript code in the context of the website

Trust: 1.8

sources: NVD: CVE-2020-1673 // JVNDB: JVNDB-2020-012203 // VULHUB: VHN-169837 // VULMON: CVE-2020-1673

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	18.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	20.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	19.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	18.3	Trust: 1.0
vendor:	ジュニパーネットワークス	model:	junos os	scope:	eq	version:	-	Trust: 0.8
vendor:	ジュニパーネットワークス	model:	junos os	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-012203 // NVD: CVE-2020-1673

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-1673
value:	HIGH
Trust: 1.0
sirt@juniper.net:	CVE-2020-1673
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-1673
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202010-674
value:	HIGH
Trust: 0.6
VULHUB:	VHN-169837
value:	HIGH
Trust: 0.1
VULMON:	CVE-2020-1673
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-1673
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-169837
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sirt@juniper.net:	CVE-2020-1673
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2020-012203
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-169837 // VULMON: CVE-2020-1673 // JVNDB: JVNDB-2020-012203 // CNNVD: CNNVD-202010-674 // NVD: CVE-2020-1673 // NVD: CVE-2020-1673

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.1
problemtype:	Cross-site scripting (CWE-79) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-169837 // JVNDB: JVNDB-2020-012203 // NVD: CVE-2020-1673

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-674

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202010-674

PATCH

title:	JSA11070	url:	https://kb.juniper.net/JSA11070	Trust: 0.8
title:	Juniper Networks Junos OS Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=130747	Trust: 0.6

sources: JVNDB: JVNDB-2020-012203 // CNNVD: CNNVD-202010-674

EXTERNAL IDS

db:	NVD	id:	CVE-2020-1673	Trust: 2.6
db:	JUNIPER	id:	JSA11070	Trust: 1.8
db:	JVNDB	id:	JVNDB-2020-012203	Trust: 0.8
db:	CNNVD	id:	CNNVD-202010-674	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3750	Trust: 0.6
db:	CNVD	id:	CNVD-2020-63216	Trust: 0.1
db:	VULHUB	id:	VHN-169837	Trust: 0.1
db:	VULMON	id:	CVE-2020-1673	Trust: 0.1

sources: VULHUB: VHN-169837 // VULMON: CVE-2020-1673 // JVNDB: JVNDB-2020-012203 // CNNVD: CNNVD-202010-674 // NVD: CVE-2020-1673

REFERENCES

url:	https://kb.juniper.net/jsa11070	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1673	Trust: 1.4
url:	https://vigilance.fr/vulnerability/junos-os-cross-site-scripting-via-j-web-33590	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3750/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/189879	Trust: 0.1

sources: VULHUB: VHN-169837 // VULMON: CVE-2020-1673 // JVNDB: JVNDB-2020-012203 // CNNVD: CNNVD-202010-674 // NVD: CVE-2020-1673

SOURCES

db:	VULHUB	id:	VHN-169837
db:	VULMON	id:	CVE-2020-1673
db:	JVNDB	id:	JVNDB-2020-012203
db:	CNNVD	id:	CNNVD-202010-674
db:	NVD	id:	CVE-2020-1673

LAST UPDATE DATE

2024-08-14T15:38:19.904000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-169837	date:	2021-02-05T00:00:00
db:	VULMON	id:	CVE-2020-1673	date:	2020-10-27T00:00:00
db:	JVNDB	id:	JVNDB-2020-012203	date:	2021-04-27T05:33:00
db:	CNNVD	id:	CNNVD-202010-674	date:	2020-10-30T00:00:00
db:	NVD	id:	CVE-2020-1673	date:	2021-02-05T16:49:04.023

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-169837	date:	2020-10-16T00:00:00
db:	VULMON	id:	CVE-2020-1673	date:	2020-10-16T00:00:00
db:	JVNDB	id:	JVNDB-2020-012203	date:	2021-04-27T00:00:00
db:	CNNVD	id:	CNNVD-202010-674	date:	2020-10-15T00:00:00
db:	NVD	id:	CVE-2020-1673	date:	2020-10-16T21:15:13.223