Vulnerability Details : CVE-2017-10612
A persistent cross-site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious JavaScript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. Affected releases are all versions of Juniper Networks Junos Space prior to 17.1R1.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2017-10612
- cpe:2.3:a:juniper:junos_space:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-10612
- Probability of exploitation activity in the next 30 days: 0.10%
- Percentile, the proportion of vulnerabilities that are scored at or less: ~40%
CVSS scores for CVE-2017-10612
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.0 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P | 6.8 | 6.4 | NIST | |
8.0 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 2.1 | 5.9 | NIST | |
8.0 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 2.1 | 5.9 | Juniper Networks, Inc. | |
CWE ids for CVE-2017-10612
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-10612
- http://www.securityfocus.com/bid/101256
  Juniper Networks JUNOS Space CVE-2017-10612 HTML Injection Vulnerability (Third Party Advisory; VDB Entry)
- https://kb.juniper.net/JSA10826
  Juniper Networks - 2017-10 Security Bulletin: Junos Space: Multiple vulnerabilities resolved in 17.1R1 release (Vendor Advisory)