CVE-2018-0047

Published Oct 10, 2018

Last updated 4 days ago

CVSS high 8.0

Overview

Description: A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. This issue affects all versions of Juniper Networks Junos Space Security Director prior to 17.2R2.
Source: sirt@juniper.net
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 5.4
Impact score: 2.7
Exploitability score: 2.3
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:13.3:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3690DD20-F4FF-4388-899E-884D60052199"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:13.3:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "642062E4-FCD1-4C96-9832-8B65D1D327D8"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:14.1:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA50737C-5924-490D-8A1C-C7913264D458"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:14.1:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6EB0159B-4D22-40E1-AD55-17D7A8AA4CAA"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:14.1:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C157A9EB-482F-4060-9A60-0D149D656665"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:15.1:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC5AA529-494F-4297-88FE-4C58B8FCA8F1"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:15.1:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C01B9DB-ADFF-4652-8040-572715370BDF"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:15.1:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE27435E-F321-4CD6-AB9E-AF2F50057A03"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:15.1:r4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3716BA1C-FFDF-4939-8AE6-68BFB06CDD53"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:15.2:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F319D4E-938C-44AF-868A-FBFF077D6139"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:15.2:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FE562A7-779A-4B7C-9A1E-3EF141D798B5"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:16.1:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "882C4D7A-293C-4587-84B1-822F63D53D2F"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:16.1:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A98BA3F-35BD-4C8D-80B4-B85C3B32F5AD"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:16.1:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE3823E7-6A1D-4645-94C5-01EBB2392B69"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:17.1:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3DFF54CC-E24F-42B4-B908-AECD1139146B"
          },
          {
            "criteria": "cpe:2.3:o:juniper:junos_space:17.2:r1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E80FD6E-A2E7-4B8C-BFC8-D9B0F32245C7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References