1. Home
  2. CVE Database
  3. CVE-2021-31373
HIGH · 8.0

CVE-2021-31373

A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series, J-Web interface may allow a remote authenticated user to inject persistent and malicious scripts. An a...

Vulnerability Description

A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series, J-Web interface may allow a remote authenticated user to inject persistent and malicious scripts. An attacker can exploit this vulnerability to steal sensitive data and credentials from a web administration session, or hijack another user's active session to perform administrative actions. This issue affects: Juniper Networks Junos OS on SRX Series: 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R2-S1, 20.3R3.

CVSS Score

8.0

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
JuniperJunos18.2
JuniperSrx100-
JuniperSrx110-
JuniperSrx1400-
JuniperSrx1500-
JuniperSrx210-
JuniperSrx220-
JuniperSrx240-
JuniperSrx240H2-
JuniperSrx300-
JuniperSrx320-
JuniperSrx340-
JuniperSrx3400-
JuniperSrx345-
JuniperSrx3600-
JuniperSrx380-
JuniperSrx4000-
JuniperSrx4100-
JuniperSrx4200-
JuniperSrx4600-

Related Weaknesses (CWE)

CWE-20CWE-79

References

FAQ

What is CVE-2021-31373?

CVE-2021-31373 is a vulnerability with a CVSS score of 8.0 (HIGH). A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series, J-Web interface may allow a remote authenticated user to inject persistent and malicious scripts. An a...

How severe is CVE-2021-31373?

CVE-2021-31373 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-31373?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Srx100, Juniper Srx110, Juniper Srx1400, Juniper Srx1500.