CVE-2021-0275 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2021-0275

Analyzed

More Info Official Page

Source-sirt@juniper.net

Published At-22 Apr, 2021 | 20:15

Updated At-18 Jan, 2022 | 15:00

A Cross-site Scripting (XSS) vulnerability in J-Web on Juniper Networks Junos OS allows an attacker to target another user's session thereby gaining access to the users session. The other user session must be active for the attack to succeed. Once successful, the attacker has the same privileges as the user. If the user has root privileges, the attacker may be able to gain full control of the device. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S15 on EX Series; 12.3X48 versions prior to 12.3X48-D95 on SRX Series; 15.1 versions prior to 15.1R7-S6 on EX Series; 15.1X49 versions prior to 15.1X49-D200 on SRX Series; 16.1 versions prior to 16.1R7-S7; 16.2 versions prior to 16.2R2-S11, 16.2R3; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1; 18.4 versions prior to 18.4R1-S6, 18.4R2-S4, 18.4R3; 19.1 versions prior to 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S3, 19.2R2; 19.3 versions prior to 19.3R2.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary	2.0	9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C

CPE Matches

Juniper Networks, Inc.

>>junos>>12.3

cpe:2.3:o:juniper:junos:12.3:-:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>12.3

cpe:2.3:o:juniper:junos:12.3:r1:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>12.3

cpe:2.3:o:juniper:junos:12.3:r10:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>12.3

cpe:2.3:o:juniper:junos:12.3:r10-s1:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>12.3

cpe:2.3:o:juniper:junos:12.3:r10-s2:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>12.3

cpe:2.3:o:juniper:junos:12.3:r11:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>12.3

cpe:2.3:o:juniper:junos:12.3:r12:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>12.3

cpe:2.3:o:juniper:junos:12.3:r12-s1:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>12.3

cpe:2.3:o:juniper:junos:12.3:r12-s10:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>12.3

cpe:2.3:o:juniper:junos:12.3:r12-s11:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>12.3

cpe:2.3:o:juniper:junos:12.3:r12-s12:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>12.3

cpe:2.3:o:juniper:junos:12.3:r12-s13:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>12.3

cpe:2.3:o:juniper:junos:12.3:r12-s14:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>12.3

cpe:2.3:o:juniper:junos:12.3:r12-s3:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>12.3

cpe:2.3:o:juniper:junos:12.3:r12-s4:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>12.3

cpe:2.3:o:juniper:junos:12.3:r12-s6:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>12.3

cpe:2.3:o:juniper:junos:12.3:r12-s8:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:-:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:a1:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:f:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:f1:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:f2:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:f2-s1:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:f2-s2:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:f2-s3:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:f2-s4:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:f3:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:f4:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:f5:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:f5-s7:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:f6:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:f6-s1:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:f6-s10:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:f6-s12:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:f6-s2:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:f6-s3:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:f6-s4:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:f6-s5:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:f6-s6:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:f6-s7:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:f6-s8:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:f6-s9:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:f7:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:r:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:r1:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:r2:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:r3:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:r4:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:r4-s7:*:*:*:*:*:*

Juniper Networks, Inc.

>>junos>>15.1

cpe:2.3:o:juniper:junos:15.1:r4-s8:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	nvd@nist.gov
CWE-79	Secondary	sirt@juniper.net

References

Hyperlink	Source	Resource
https://kb.juniper.net/JSA11166	sirt@juniper.net	Vendor Advisory