An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to execute remote commands on the target device. While an administrator is logged into a J-Web session or has previously logged in and subsequently logged out of their J-Web session, the attacker can arbitrarily execute commands on the target device with the other user's credentials. In the worst case, the attacker will have full control over the device. This issue affects Junos OS: * All versions before 21.2R3-S8, * from 21.4 before 21.4R3-S7, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2, * from 23.4 before 23.4R1-S1, 23.4R2.
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:C/RE:M/U:AmberJuniper Ex2300
HWJuniperwszystkie wersjeJuniper Ex2300 C
HWJuniperwszystkie wersjeJuniper Ex3400
HWJuniperwszystkie wersjeJuniper Ex4000
HWJuniperwszystkie wersjeJuniper Ex4100
HWJuniperwszystkie wersjeJuniper Ex4100 F
HWJuniperwszystkie wersjeJuniper Ex4100 H
HWJuniperwszystkie wersjeJuniper Ex4300
HWJuniperwszystkie wersjeJuniper Ex4400
HWJuniperwszystkie wersjeJuniper Ex4600
HWJuniperwszystkie wersjeJuniper Ex4650
HWJuniperwszystkie wersjeJuniper Ex9204
HWJuniperwszystkie wersjeJuniper Ex9208
HWJuniperwszystkie wersjeJuniper Ex9214
HWJuniperwszystkie wersjeJuniper Junos
OSJuniper21.221.422.222.322.423.223.4< 21.2Juniper J Web
APPJuniperwszystkie wersjeJuniper Srx1500
HWJuniperwszystkie wersjeJuniper Srx1600
HWJuniperwszystkie wersjeJuniper Srx2300
HWJuniperwszystkie wersjeJuniper Srx300
HWJuniperwszystkie wersjeJuniper Srx320
HWJuniperwszystkie wersjeJuniper Srx340
HWJuniperwszystkie wersjeJuniper Srx345
HWJuniperwszystkie wersjeJuniper Srx380
HWJuniperwszystkie wersjeJuniper Srx4100
HWJuniperwszystkie wersjeJuniper Srx4120
HWJuniperwszystkie wersjeJuniper Srx4200
HWJuniperwszystkie wersjeJuniper Srx4300
HWJuniperwszystkie wersjeJuniper Srx4600
HWJuniperwszystkie wersjeJuniper Srx4700
HWJuniperwszystkie wersje
Related vulnerabilities
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SR...
Out-of-bounds Write w J-Web Juniper Junos OS — RCE z uprawnieniami root
This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials ...
A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unaut...
An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Rout...