CVE-2017-2336

A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the attacker to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.

Published: Jul 17, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-2336
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
juniper / screenos	6.3.0-r17	6.3.0-r17.x
juniper / screenos	6.3.0-r18	6.3.0-r18.x
juniper / screenos	6.3.0-r12	6.3.0-r12.x
juniper / screenos	6.3.0-r1	6.3.0-r1.x
juniper / screenos	6.3.0-r8	6.3.0-r8.x
juniper / screenos	6.3.0-r23	6.3.0-r23.x
juniper / screenos	6.3.0-r6	6.3.0-r6.x
juniper / screenos	6.3.0-r21	6.3.0-r21.x
juniper / screenos	6.3.0-r3	6.3.0-r3.x
juniper / screenos	6.3.0-r16	6.3.0-r16.x
juniper / screenos	6.3.0-r22	6.3.0-r22.x
juniper / screenos	6.3.0-r7	6.3.0-r7.x
juniper / screenos	6.3.0	6.3.0.x
juniper / screenos	6.3.0-r11	6.3.0-r11.x
juniper / screenos	6.3.0-r14	6.3.0-r14.x
juniper / screenos	6.3.0-r4	6.3.0-r4.x
juniper / screenos	6.3.0-r23b	6.3.0-r23b.x
juniper / screenos	6.3.0-r10	6.3.0-r10.x
juniper / screenos	6.3.0-r9	6.3.0-r9.x
juniper / screenos	6.3.0-r15	6.3.0-r15.x
juniper / screenos	6.3.0-r13	6.3.0-r13.x
juniper / screenos	6.3.0-r2	6.3.0-r2.x
juniper / screenos	6.3.0-r5	6.3.0-r5.x
juniper / screenos	6.3.0-r19	6.3.0-r19.x

Vulnerability Database

290,020

CVE-2017-2336