2013-12 Security Bulletin: Junos Pulse Secure Access Service (IVE): Cross site scripting issue (CVE-2013-6956)
Product Affected: This issue can affect all: SA700, SA2000, SA2500, SA4000, FIPS SA4000, SA4500, FIPS SA4500, SA6000, FIPS SA6000, SA6500, FIPS SA6500, MAG2600, MAG4610, MAG6610, and MAG6611
Problem: A cross site scripting issue has been found in the Juniper Networks SSL VPN product. The problem is a result of incorrect user input validation on the SSL VPN web server. The issue exists within a file that pertains to the Secure Access Service Web rewriting feature pages that are only accessible by an authenticated session. This issue is only present when web rewrite is enabled on a user’s role. Juniper SIRT is not aware of any malicious exploitation of these vulnerabilities. No other Juniper Networks products or platforms are affected by this issue. This issue has been assigned CVE-2013-6956.
Solution: The issue is fixed in SA (IVE OS) releases 8.0r1, 7.4r6, 7.3r8, and 7.1r17, and all subsequent releases. KB16765 – “In which releases are vulnerabilities fixed?” describes the releases in which vulnerabilities are fixed, as per our End of Engineering and End of Life support policies.
Workaround: This issue can be avoided if the Secure Access Service Web rewriting feature is disabled. If this feature is required, an upgrade to a fixed version will resolve this issue.
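The following triage check is an added example, not Juniper's code: it applies the fixed releases and the workaround above to an appliance inventory. The `N.NrN` release-string format, the status labels, the treatment of branches newer than 8.0 as fixed, and the sample inventory are assumptions made for illustration.

```python
import re

# Fixed IVE OS release per branch, taken from the Solution section above.
FIXED = {(8, 0): 1, (7, 4): 6, (7, 3): 8, (7, 1): 17}
NEWEST_BRANCH = max(FIXED)

# Assumed release-string format: <major>.<minor>r<release>, e.g. "7.4r6".
_RELEASE = re.compile(r"^\s*(\d+)\.(\d+)[rR](\d+)\s*$")


def parse_release(text):
    """Split a release string such as '7.4r6' into ((7, 4), 6)."""
    m = _RELEASE.match(text)
    if not m:
        raise ValueError(f"unrecognised release string: {text!r}")
    major, minor, rel = (int(g) for g in m.groups())
    return (major, minor), rel


def triage(release, web_rewrite_enabled):
    """Return 'fixed', 'workaround', 'affected' or 'check-kb' for one appliance.

    web_rewrite_enabled: True if any user role has web rewriting enabled.
    """
    branch, rel = parse_release(release)
    # Assumption: a branch newer than 8.0 counts as a "subsequent release".
    if branch > NEWEST_BRANCH or rel >= FIXED.get(branch, float("inf")):
        return "fixed"
    if not web_rewrite_enabled:
        return "workaround"   # issue only present when web rewrite is enabled
    # Branches without a listed fix need a manual lookup in KB16765.
    return "affected" if branch in FIXED else "check-kb"


def triage_inventory(inventory):
    """Map each hostname to its triage status."""
    return {host: triage(rel, rewrite) for host, rel, rewrite in inventory}


if __name__ == "__main__":
    # Constructed sample inventory: (hostname, release, web rewrite enabled)
    sample = [
        ("vpn-a.example", "7.4r5", True),
        ("vpn-b.example", "7.4r6", True),
        ("vpn-c.example", "7.1r12", False),
        ("vpn-d.example", "7.2r9", True),
    ]
    for host, status in triage_inventory(sample).items():
        print(f"{host}: {status}")
```

An appliance reported as 'workaround' is still running an unfixed release and becomes 'affected' as soon as web rewriting is enabled on any role.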
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Risk Assessment: Successful exploitation of this vulnerability could allow an attacker to dynamically create arbitrary active content which could be rendered in the user’s browser, leading to possible session theft, service disruption, or other information disclosure. Information on how Juniper Networks uses CVSS can be found at KB 16446 “Common Vulnerability Scoring System (CVSS) and Juniper’s Security Advisories.”
Acknowledgements: Juniper Networks would like to thank Roberto Suggi Liverani of NCIA/NCIRC for responsibly bringing this issue to our attention.