Vulnerability Change Records for CVE-2017-2335

Change History

CVE Modified by Juniper Networks, Inc. 10/09/2019 7:26:44 PM

Action Type Old Value New Value
Added CVSS V3

								
							
							
						
Juniper Networks, Inc. AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

CVE Modified by Juniper Networks, Inc. 7/21/2017 9:29:01 PM

Action Type Old Value New Value
Changed Description
A security researcher testing a Juniper NetScreen Firewall+VPN found multiple stored cross-site scripting vulnerabilities that could be used to elevate privileges through the NetScreen WebUI. A user with the 'security' role can inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.

CVE Modified by Juniper Networks, Inc. 7/17/2017 10:29:00 AM

Action Type Old Value New Value
Removed Reference
http://www.securityfocus.com/bid/99590 [No Types Assigned]

								
						
Removed Reference
http://www.securitytracker.com/id/1038881 [No Types Assigned]

								
						

CVE Modified by Juniper Networks, Inc. 7/17/2017 9:29:00 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.securityfocus.com/bid/99590 [No Types Assigned]
Added Reference

								
							
							
						
http://www.securitytracker.com/id/1038881 [No Types Assigned]