ID

VAR-202104-0564


CVE

CVE-2021-0275


TITLE

Juniper Networks Junos OS Cross-site scripting vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-1007

DESCRIPTION

A Cross-site Scripting (XSS) vulnerability in J-Web on Juniper Networks Junos OS allows an attacker to target another user's session, thereby gaining access to that user's session. The other user's session must be active for the attack to succeed. Once successful, the attacker has the same privileges as the user. If the user has root privileges, the attacker may be able to gain full control of the device.

This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S15 on EX Series; 12.3X48 versions prior to 12.3X48-D95 on SRX Series; 15.1 versions prior to 15.1R7-S6 on EX Series; 15.1X49 versions prior to 15.1X49-D200 on SRX Series; 16.1 versions prior to 16.1R7-S7; 16.2 versions prior to 16.2R2-S11, 16.2R3; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1; 18.4 versions prior to 18.4R1-S6, 18.4R2-S4, 18.4R3; 19.1 versions prior to 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S3, 19.2R2; 19.3 versions prior to 19.3R2.

Juniper Networks Junos OS is a network operating system from Juniper Networks dedicated to the company's hardware equipment. The operating system provides a secure programming interface and the Junos SDK. There is a security vulnerability in Junos OS, and no further information about it is available at present; follow CNNVD or vendor announcements for updates.

Trust: 1.08

sources: NVD: CVE-2021-0275 // VULHUB: VHN-372177 // VULMON: CVE-2021-0275

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 17.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 12.3x48

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 16.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1x49

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 16.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 12.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.3

Trust: 1.0

sources: NVD: CVE-2021-0275

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-0275
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2021-0275
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202104-1007
value: HIGH

Trust: 0.6

VULHUB: VHN-372177
value: HIGH

Trust: 0.1

VULMON: CVE-2021-0275
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-0275
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-372177
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

sirt@juniper.net: CVE-2021-0275
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-372177 // VULMON: CVE-2021-0275 // CNNVD: CNNVD-202104-1007 // NVD: CVE-2021-0275 // NVD: CVE-2021-0275

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.1

sources: VULHUB: VHN-372177 // NVD: CVE-2021-0275

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-1007

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202104-1007

PATCH

title: Juniper Networks Junos OS Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=148261

Trust: 0.6

sources: CNNVD: CNNVD-202104-1007

EXTERNAL IDS

db: JUNIPER, id: JSA11166

Trust: 1.8

db: NVD, id: CVE-2021-0275

Trust: 1.8

db: CNNVD, id: CNNVD-202104-1007

Trust: 0.6

db: VULHUB, id: VHN-372177

Trust: 0.1

db: VULMON, id: CVE-2021-0275

Trust: 0.1

sources: VULHUB: VHN-372177 // VULMON: CVE-2021-0275 // CNNVD: CNNVD-202104-1007 // NVD: CVE-2021-0275

REFERENCES

url:https://kb.juniper.net/jsa11166

Trust: 1.8

url:https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-35081

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-0275

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-372177 // VULMON: CVE-2021-0275 // CNNVD: CNNVD-202104-1007 // NVD: CVE-2021-0275

SOURCES

db: VULHUB, id: VHN-372177
db: VULMON, id: CVE-2021-0275
db: CNNVD, id: CNNVD-202104-1007
db: NVD, id: CVE-2021-0275

LAST UPDATE DATE

2024-08-14T14:50:17.436000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-372177, date: 2022-01-18T00:00:00
db: VULMON, id: CVE-2021-0275, date: 2021-04-28T00:00:00
db: CNNVD, id: CNNVD-202104-1007, date: 2021-04-29T00:00:00
db: NVD, id: CVE-2021-0275, date: 2022-01-18T15:00:54.693

SOURCES RELEASE DATE

db: VULHUB, id: VHN-372177, date: 2021-04-22T00:00:00
db: VULMON, id: CVE-2021-0275, date: 2021-04-22T00:00:00
db: CNNVD, id: CNNVD-202104-1007, date: 2021-04-14T00:00:00
db: NVD, id: CVE-2021-0275, date: 2021-04-22T20:15:10.160