ID

VAR-202010-0404


CVE

CVE-2020-1673


TITLE

Juniper Networks Junos OS  Cross-site Scripting Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-012203

DESCRIPTION

Insufficient Cross-Site Scripting (XSS) protection in Juniper Networks J-Web and web based (HTTP/HTTPS) services allows an unauthenticated attacker to hijack the target user's HTTP/HTTPS session and perform administrative actions on the Junos device as the targeted user. This issue only affects Juniper Networks Junos OS devices with HTTP/HTTPS services enabled such as J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP). Junos OS devices with HTTP/HTTPS services disabled are not affected. If HTTP/HTTPS services are enabled, the following command will show the httpd processes: user@device> show system processes | match http 5260 - S 0:00.13 /usr/sbin/httpd-gk -N 5797 - I 0:00.10 /usr/sbin/httpd --config /jail/var/etc/httpd.conf In order to successfully exploit this vulnerability, the attacker needs to convince the device administrator to take action such as clicking the crafted URL sent via phishing email or convince the administrator to input data in the browser console. This issue affects Juniper Networks Junos OS: 18.1 versions prior to 18.1R3-S1; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S5, 18.4R3-S2; 19.1 versions prior to 19.1R2-S2, 19.1R3-S1; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1. Juniper Networks Junos OS Contains a cross-site scripting vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. The operating system provides a secure programming interface and Junos SDK. There is a cross-site scripting vulnerability in Junos OS, which can be exploited by attackers to trigger cross-site scripting through J-Web to run JavaScript code in the context of the website

Trust: 1.8

sources: NVD: CVE-2020-1673 // JVNDB: JVNDB-2020-012203 // VULHUB: VHN-169837 // VULMON: CVE-2020-1673

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:18.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:20.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.3

Trust: 1.0

vendor:ジュニパーネットワークスmodel:junos osscope:eqversion: -

Trust: 0.8

vendor:ジュニパーネットワークスmodel:junos osscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-012203 // NVD: CVE-2020-1673

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1673
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2020-1673
value: HIGH

Trust: 1.0

NVD: CVE-2020-1673
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-674
value: HIGH

Trust: 0.6

VULHUB: VHN-169837
value: HIGH

Trust: 0.1

VULMON: CVE-2020-1673
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-1673
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-169837
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sirt@juniper.net: CVE-2020-1673
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2020-012203
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-169837 // VULMON: CVE-2020-1673 // JVNDB: JVNDB-2020-012203 // CNNVD: CNNVD-202010-674 // NVD: CVE-2020-1673 // NVD: CVE-2020-1673

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.1

problemtype:Cross-site scripting (CWE-79) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-169837 // JVNDB: JVNDB-2020-012203 // NVD: CVE-2020-1673

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-674

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202010-674

PATCH

title:JSA11070url:https://kb.juniper.net/JSA11070

Trust: 0.8

title:Juniper Networks Junos OS Fixes for cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=130747

Trust: 0.6

sources: JVNDB: JVNDB-2020-012203 // CNNVD: CNNVD-202010-674

EXTERNAL IDS

db:NVDid:CVE-2020-1673

Trust: 2.6

db:JUNIPERid:JSA11070

Trust: 1.8

db:JVNDBid:JVNDB-2020-012203

Trust: 0.8

db:CNNVDid:CNNVD-202010-674

Trust: 0.7

db:AUSCERTid:ESB-2020.3750

Trust: 0.6

db:CNVDid:CNVD-2020-63216

Trust: 0.1

db:VULHUBid:VHN-169837

Trust: 0.1

db:VULMONid:CVE-2020-1673

Trust: 0.1

sources: VULHUB: VHN-169837 // VULMON: CVE-2020-1673 // JVNDB: JVNDB-2020-012203 // CNNVD: CNNVD-202010-674 // NVD: CVE-2020-1673

REFERENCES

url:https://kb.juniper.net/jsa11070

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-1673

Trust: 1.4

url:https://vigilance.fr/vulnerability/junos-os-cross-site-scripting-via-j-web-33590

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3750/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/189879

Trust: 0.1

sources: VULHUB: VHN-169837 // VULMON: CVE-2020-1673 // JVNDB: JVNDB-2020-012203 // CNNVD: CNNVD-202010-674 // NVD: CVE-2020-1673

SOURCES

db:VULHUBid:VHN-169837
db:VULMONid:CVE-2020-1673
db:JVNDBid:JVNDB-2020-012203
db:CNNVDid:CNNVD-202010-674
db:NVDid:CVE-2020-1673

LAST UPDATE DATE

2024-08-14T15:38:19.904000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-169837date:2021-02-05T00:00:00
db:VULMONid:CVE-2020-1673date:2020-10-27T00:00:00
db:JVNDBid:JVNDB-2020-012203date:2021-04-27T05:33:00
db:CNNVDid:CNNVD-202010-674date:2020-10-30T00:00:00
db:NVDid:CVE-2020-1673date:2021-02-05T16:49:04.023

SOURCES RELEASE DATE

db:VULHUBid:VHN-169837date:2020-10-16T00:00:00
db:VULMONid:CVE-2020-1673date:2020-10-16T00:00:00
db:JVNDBid:JVNDB-2020-012203date:2021-04-27T00:00:00
db:CNNVDid:CNNVD-202010-674date:2020-10-15T00:00:00
db:NVDid:CVE-2020-1673date:2020-10-16T21:15:13.223