CVE-2018-0059

{"id": "CVE-2018-0059", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}, {"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2018-10-10T18:29:03.250", "references": [{"url": "https://kb.juniper.net/JSA10894", "tags": ["Vendor Advisory"], "source": "sirt@juniper.net"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A persistent cross-site scripting vulnerability in the graphical user interface of ScreenOS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. Affected releases are Juniper Networks ScreenOS 6.3.0 versions prior to 6.3.0r26."}, {"lang": "es", "value": "Una vulnerabilidad Cross-Site Scripting (XSS) persistente en la interfaz gr\u00e1fica de usuario de ScreenOS podr\u00eda permitir que un usuario autenticado remoto inyecte scripts web o HTML y robe datos sensibles y credenciales de una sesi\u00f3n de administraci\u00f3n web, posiblemente enga\u00f1ando a un usuario administrativo Las versiones afectadas son Juniper Networks ScreenOS 6.3.0 en versiones anteriores a la 6.3.0r26."}], "lastModified": "2019-10-09T23:31:09.973", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:netscreen_screenos:6.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96401D48-27DC-430A-A4B4-948E17BA6E39"}, {"criteria": "cpe:2.3:o:juniper:netscreen_screenos:6.3.0r1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5A09352-D6E7-4D28-B56B-482EA05CEE17"}, {"criteria": "cpe:2.3:o:juniper:netscreen_screenos:6.3.0r2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31866992-A433-492F-8917-C6EAE2DE93A7"}, {"criteria": "cpe:2.3:o:juniper:netscreen_screenos:6.3.0r3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCC1E507-094A-4E58-860A-13A8358A7B6C"}, {"criteria": "cpe:2.3:o:juniper:netscreen_screenos:6.3.0r4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CD02B72-9C50-4DF9-97A6-A54716E1FE56"}, {"criteria": "cpe:2.3:o:juniper:netscreen_screenos:6.3.0r5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F3DD43B-6F14-4AE5-8D68-605E6B5DE5A1"}, {"criteria": "cpe:2.3:o:juniper:netscreen_screenos:6.3.0r6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1D1C538-CACD-45A5-B1C1-2335FDA12E97"}, {"criteria": "cpe:2.3:o:juniper:netscreen_screenos:6.3.0r7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E699028-E9BC-403A-96CB-E16ED464D01B"}, {"criteria": "cpe:2.3:o:juniper:netscreen_screenos:6.3.0r8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FD07648-C22A-4DBF-8B40-CB4A8C3C2102"}, {"criteria": "cpe:2.3:o:juniper:netscreen_screenos:6.3.0r9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1004079D-342C-4EC0-974A-2DE56FC3F700"}, {"criteria": "cpe:2.3:o:juniper:netscreen_screenos:6.3.0r10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A7D1CD7-5865-41E8-B559-5C6A75A9B62A"}, {"criteria": "cpe:2.3:o:juniper:netscreen_screenos:6.3.0r11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DED0811-87AD-4693-B81A-567904FB8D78"}, {"criteria": "cpe:2.3:o:juniper:netscreen_screenos:6.3.0r12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "323B99B7-D519-4DA5-A1DE-7A2A226EEACF"}, {"criteria": "cpe:2.3:o:juniper:netscreen_screenos:6.3.0r13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFE094DA-E949-4338-ACB8-53070BA959C7"}, {"criteria": "cpe:2.3:o:juniper:netscreen_screenos:6.3.0r14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36F89341-6353-4884-912E-F6FD0A7751A7"}, {"criteria": "cpe:2.3:o:juniper:netscreen_screenos:6.3.0r15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CFD2BBD-BBE2-4F53-A0C8-0CBCF7D1B40F"}, {"criteria": "cpe:2.3:o:juniper:netscreen_screenos:6.3.0r16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "248A6131-813B-4A52-87FC-4F1C7012348C"}, {"criteria": "cpe:2.3:o:juniper:netscreen_screenos:6.3.0r17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB2D7C68-EA5A-4FAA-AE55-A186B65B81BB"}, {"criteria": "cpe:2.3:o:juniper:netscreen_screenos:6.3.0r18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EC7AA8A-9876-4B3D-BBFF-FDEEAAFADB6F"}, {"criteria": "cpe:2.3:o:juniper:netscreen_screenos:6.3.0r19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18AB6421-675E-43AC-A8A9-3839C71BAD46"}, {"criteria": "cpe:2.3:o:juniper:netscreen_screenos:6.3.0r21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93C4AD2D-BFB2-476A-917F-D149F280D02F"}, {"criteria": "cpe:2.3:o:juniper:netscreen_screenos:6.3.0r22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05A72249-E0FC-4EFF-B81A-BB2A6120681A"}, {"criteria": "cpe:2.3:o:juniper:netscreen_screenos:6.3.0r23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "324C5CAF-199B-4EAE-A3FB-5C8AF90DDFBA"}, {"criteria": "cpe:2.3:o:juniper:netscreen_screenos:6.3.0r23b1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18749046-BC0F-49F0-B89D-723725138D64"}, {"criteria": "cpe:2.3:o:juniper:netscreen_screenos:6.3.0r24:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67704888-85CA-4C4C-94B5-7D0AA5F6DBC8"}, {"criteria": "cpe:2.3:o:juniper:netscreen_screenos:6.3.0r24b1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FAA3B77C-8213-4847-BA56-4A9BF921016F"}, {"criteria": "cpe:2.3:o:juniper:netscreen_screenos:6.3.0r25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25C306B0-F3EF-4A01-A5DA-6386FCE0E59F"}], "operator": "OR"}]}], "sourceIdentifier": "sirt@juniper.net"}