mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
97 lines
3.3 KiB
JSON
97 lines
3.3 KiB
JSON
{
|
|
"CVE_data_meta" : {
|
|
"ASSIGNER" : "sirt@juniper.net",
|
|
"DATE_PUBLIC" : "2017-10-11T09:00",
|
|
"ID" : "CVE-2017-10612",
|
|
"STATE" : "PUBLIC",
|
|
"TITLE" : "Junos Space: Persistent Cross site scripting in Junos Space"
|
|
},
|
|
"affects" : {
|
|
"vendor" : {
|
|
"vendor_data" : [
|
|
{
|
|
"product" : {
|
|
"product_data" : [
|
|
{
|
|
"product_name" : "Junos Space",
|
|
"version" : {
|
|
"version_data" : [
|
|
{
|
|
"platform" : "",
|
|
"version_value" : "versions prior to 17.1R1"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name" : "Juniper Networks"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"configuration" : [],
|
|
"credit" : [],
|
|
"data_format" : "MITRE",
|
|
"data_type" : "CVE",
|
|
"data_version" : "4.0",
|
|
"description" : {
|
|
"description_data" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1."
|
|
}
|
|
]
|
|
},
|
|
"exploit" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.",
|
|
"impact" : {
|
|
"cvss" : {
|
|
"attackComplexity" : "LOW",
|
|
"attackVector" : "NETWORK",
|
|
"availabilityImpact" : "HIGH",
|
|
"baseScore" : 8,
|
|
"baseSeverity" : "HIGH",
|
|
"confidentialityImpact" : "HIGH",
|
|
"integrityImpact" : "HIGH",
|
|
"privilegesRequired" : "LOW",
|
|
"scope" : "UNCHANGED",
|
|
"userInteraction" : "REQUIRED",
|
|
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
|
|
"version" : "3.0"
|
|
}
|
|
},
|
|
"problemtype" : {
|
|
"problemtype_data" : [
|
|
{
|
|
"description" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "Persistent cross site scripting vulnerability"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references" : {
|
|
"reference_data" : [
|
|
{
|
|
"name" : "https://kb.juniper.net/JSA10826",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "https://kb.juniper.net/JSA10826"
|
|
},
|
|
{
|
|
"name" : "101256",
|
|
"refsource" : "BID",
|
|
"url" : "http://www.securityfocus.com/bid/101256"
|
|
}
|
|
]
|
|
},
|
|
"solution" : "The following software releases have been updated to resolve this specific issue: , and all subsequent releases.\n\nThis issue is being tracked as PR 1231289 and is visible on the Customer Support website.",
|
|
"work_around" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "There are no viable workarounds for this issue.\nIt is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device from trusted, administrative networks or hosts."
|
|
}
|
|
]
|
|
}
|