CVE-2017-10612
moderate-risk
Published 2017-10-13
A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1.
Do I need to act?
-
0.39% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.0/10
High
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (4)
Third Party Advisory
http://www.securityfocus.com/bid/101256
Vendor Advisory
https://kb.juniper.net/JSA10826
Third Party Advisory
http://www.securityfocus.com/bid/101256
Vendor Advisory
https://kb.juniper.net/JSA10826
34
/ 100
moderate-risk
Severity
28/34 · Critical
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal