North Dakota Information Technology Department (ITD)A cross site scripting issue has been found in the Juniper Networks SSL VPN product. The cause of this issue is due to incorrect validation of user input sent to the SSL VPN web server. This issue exists within a file that pertains to the Network Connect (NC)/Pulse feature, which is only accessible by an authenticated user.
This issue was found during proactive security testing of the SSL VPN. No other Juniper products or platforms are vulnerable to this issue.
Risk Assessment CVSS 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
A successful cross site scripting exploit would allow an attacker to dynamically generate web content to their liking which could be rendered in the user's browser. This could allow possible session theft or other possible information disclosure.
All SSL VPN Users
Copyright © 2013 North Dakota Information Technology Department - ITD
Download Adobe Reader to view, print and collaborate on PDF files.
Awesome Service as usual!