Juniper ScreenOS CVE-2018-0059 HTML Injection Vulnerability

Bugtraq ID:	106205
Class:	Input Validation Error
CVE:	CVE-2018-0059
Remote:	Yes
Local:	No
Published:	Oct 10 2018 12:00AM
Updated:	Oct 10 2018 12:00AM
Credit:	Marcel Bilal from IT-Dienstleistungszentrum Berlin
Vulnerable:	Juniper screenos 6.3 Juniper screenos 6.3.0r24 Juniper screenos 6.3.0r22 Juniper screenos 6.3.0r21 Juniper screenos 6.3.0r20 Juniper screenos 6.3.0r19 Juniper screenos 6.3.0R13 Juniper screenos 6.3.0R12
Not Vulnerable:	Juniper screenos 6.3.0r26

Juniper ScreenOS CVE-2018-0059 HTML Injection Vulnerability

Juniper ScreenOS is prone to a HTML-injection vulnerability because it fails to sanitize user-supplied input.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.

Juniper ScreenOS CVE-2018-0059 HTML Injection Vulnerability

An attacker can exploit the issue by enticing an unsuspecting user to visit a specially crafted URL.

Juniper ScreenOS CVE-2018-0059 HTML Injection Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Juniper ScreenOS CVE-2018-0059 HTML Injection Vulnerability

References:

• Juniper HomePage (Juniper)
  
• 2018-10 Security Bulletin: ScreenOS: Stored Cross-Site Scripting (XSS) vulnerabi (Juniper)