Release date:
Updated on:
Affected Systems:
Juniper Networks SmartPass 8.x
Juniper Networks SmartPass 7.x
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2013-3498
SmartPass is a wireless network security application that implements dynamic access control for all users or devices and provides wireless access support for visitors.
In Juniper SmartPass versions earlier than 7.7 MR3 and 8.0 MR2, certain input is returned to the user without being properly filtered, which allows arbitrary HTML and script code to execute in the user's browser session in the context of the affected site.
<* Source: Ross Bushby
Link: http://secunia.com/advisories/53359/
https://kb.juniper.net/InfoCenter/index?page=content&id=KB27375
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Juniper Networks
----------------
Juniper Networks has released a Security Bulletin (KB27375) and corresponding patches for this issue:
KB27375: Security Bulletin: SmartPass WLAN Security Management: CVE-2013-3498 XSS Vulnerability
Link: https://kb.juniper.net/InfoCenter/index?page=content&id=KB27375
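
To check an inventory against the fixed releases named in this advisory, the following added example (not part of the advisory and not Juniper tooling) classifies SmartPass version strings. It assumes version strings shaped like "7.7 MR3", treats a missing MR as the base release, and reads the fix levels per branch (7.x fixed at 7.7 MR3, 8.x fixed at 8.0 MR2); the host names are constructed.

```python
import re

# Fixed releases from the advisory, keyed by major branch:
# major -> (minor, maintenance release) of the first fixed build.
FIXED = {7: (7, 3), 8: (0, 2)}

# Assumed version string shape: "7.7 MR3", "8.0MR1", "8.0" (no MR = base release).
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\s*MR\s*(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, mr) or raise ValueError on an unrecognised string."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError("unrecognised SmartPass version: %r" % text)
    major, minor, mr = m.groups()
    return int(major), int(minor), int(mr or 0)


def classify(text):
    """Classify one version string as 'affected', 'fixed' or 'unknown'.

    'unknown' covers unparseable strings and branches the advisory does not
    list (only 7.x and 8.x are named), so they get manual review instead of
    being silently treated as safe.
    """
    try:
        major, minor, mr = parse_version(text)
    except ValueError:
        return "unknown"
    fixed = FIXED.get(major)
    if fixed is None:
        return "unknown"
    return "affected" if (minor, mr) < fixed else "fixed"


def triage(inventory):
    """Map each host in an iterable of (host, version) pairs to its status."""
    return {host: classify(version) for host, version in inventory}


# Constructed sample inventory; not real hosts.
SAMPLE_INVENTORY = [
    ("host-a", "7.7 MR2"), ("host-b", "7.7 MR3"), ("host-c", "8.0"),
    ("host-d", "8.0 MR2"), ("host-e", "6.5"), ("host-f", "n/a"),
]

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(host, status)
```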