Saturday, April 17, 2021

Juniper Junos OS: 2021-04 Security Bulletin: Junos OS: J-Web: Cross-site scripting attack allows an attacker to gain control of another users session. (JSA11166) (CVE-2021-0275)

Description
A Cross-site Scripting (XSS) vulnerability in J-Web on Juniper Networks Junos OS allows an attacker to target another user's session thereby gaining access to the users session. The other user session must be active for the attack to succeed. Once successful, the attacker has the same privileges as the user. If the user has root privileges, the attacker may be able to gain full control of the device.
Solution(s)
  • juniper-junos-os-upgrade-latest


  • References
  • https://attackerkb.com/topics/cve-2021-0275
  • CVE - 2021-0275
  • JSA11166




  •  

    Copyright © 2021 Vulnerability Database | Cyber Details™

    thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore