Juniper Web Device Manager - Cross-Site Scripting
ID: CVE-2022-22242
Severity: medium
Author: EvergreenCartoons
Tags: cve2022,cve,xss,juniper,junos
Description
Section titled “Description”Juniper Web Device Manager (J-Web) in Junos OS contains a cross-site scripting vulnerability. This can allow an unauthenticated attacker to run malicious scripts reflected off J-Web to the victim’s browser in the context of their session within J-Web, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue affects all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2.
YAML Source
Section titled “YAML Source”id: CVE-2022-22242
info: name: Juniper Web Device Manager - Cross-Site Scripting author: EvergreenCartoons severity: medium description: | Juniper Web Device Manager (J-Web) in Junos OS contains a cross-site scripting vulnerability. This can allow an unauthenticated attacker to run malicious scripts reflected off J-Web to the victim's browser in the context of their session within J-Web, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue affects all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2. impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or updates provided by Juniper Networks to mitigate this vulnerability. reference: - https://octagon.net/blog/2022/10/28/juniper-sslvpn-junos-rce-and-multiple-vulnerabilities/ - https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Multiple-vulnerabilities-in-J-Web?language=en_US - https://kb.juniper.net/JSA69899 - https://nvd.nist.gov/vuln/detail/CVE-2022-22242 - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-22242 cwe-id: CWE-79 epss-score: 0.43644 epss-percentile: 0.97362 cpe: cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: juniper product: junos shodan-query: - title:"Juniper Web Device Manager" - http.title:"juniper web device manager" fofa-query: title="juniper web device manager" google-query: intitle:"juniper web device manager" tags: cve2022,cve,xss,juniper,junos
http: - method: GET path: - '{{BaseURL}}/error.php?SERVER_NAME=<script>alert(document.domain)</script>'
matchers-condition: and matchers: - type: word part: body words: - "<script>alert(document.domain)</script>" - "The requested resource is not authorized to view" condition: and
- type: word part: header words: - "text/html"
- type: status status: - 200# digest: 4b0a0048304602210099c31a8046e4b1acd67a965c57cea90554fd953e2f55db88cbf5648116c34256022100d89fee41acef2aebd00f8d0ef5b36f07cea08ead6b43b8ab05fd99bdc3484f72:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-22242.yaml"