CVE-2014-6447
high-risk
Published 2020-02-11
Multiple vulnerabilities exist in Juniper Junos J-Web error handling that may lead to cross site scripting (XSS) issues or crash the J-Web service (DoS). This affects Juniper Junos OS 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before 14.1R3, 14.1X53 before 14.1X53-D10, 14.2 before 14.2R1, and 15.1 before 15.1R1.
Do I need to act?
-
0.47% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.1/10
High
NETWORK
/ LOW complexity
Affected Products (20)
Affected Vendors
References (4)
Vendor Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10682
Third Party Advisory
http://www.securitytracker.com/id/1032846
Vendor Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10682
Third Party Advisory
http://www.securitytracker.com/id/1032846
52
/ 100
high-risk
Severity
25/34 · High
Exploitability
2/34 · Minimal
Exposure
25/34 · High