

Rewterz Threat Advisory – CVE-2020-3955 – VMware ESXi Cross-Site Scripting Vulnerability
April 30, 2020
Rewterz Threat Advisory – CVE-2019-15126 – Cisco Wi-Fi Protected Network and Wi-Fi Protected Network 2 Vulnerability
April 30, 2020
Severity
Medium
Analysis Summary
A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal.
Impact
Command injection
Affected Vendor
Juniper
Affected Products
Junos OS 12.3, 12.3X48, 14.1X53, 15.1, 15.1X49, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4, 19.1, 19.2, 19.3, 19.4, 20.1
Remediation
If HTTP/HTTPS services are disabled, there is no impact from this vulnerability. Refer to the vendor's advisory for the list of patched releases: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11021&cat=SIRT_1&actp=LIST
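
A triage sketch for the remediation note above, added here as an example and not taken from Rewterz or Juniper: it maps a Junos version string to its release train, compares it with the trains listed under Affected Products, and checks `display set` output for an active J-Web listener. It assumes the input is `show configuration | display set` text and inspects only `system services web-management`; the other features named in the summary (Dynamic-VPN, firewall authentication web-redirect, ZTP) and the fixed release within each train still have to be checked against the vendor advisory.

```python
import re

# Release trains listed under "Affected Products" in the advisory above.
AFFECTED_TRAINS = {
    "12.3", "12.3X48", "14.1X53", "15.1", "15.1X49", "17.2", "17.3", "17.4",
    "18.1", "18.2", "18.3", "18.4", "19.1", "19.2", "19.3", "19.4", "20.1",
}

# "18.4R2-S3" -> "18.4", "15.1X49-D180" -> "15.1X49"
TRAIN_RE = re.compile(r"^(\d+\.\d+(?:X\d+)?)")
# Matches set/deactivate statements for the J-Web HTTP/HTTPS listeners.
WEB_RE = re.compile(
    r"^(set|deactivate)\s+system\s+services\s+web-management(?:\s+(https?))?\b"
)


def release_train(version):
    """Return the release train of a Junos version string, or None."""
    m = TRAIN_RE.match(version.strip())
    return m.group(1) if m else None


def web_services(config_text):
    """Return the set of active web-management protocols ('http', 'https')."""
    enabled, deactivated, whole_off = set(), set(), False
    for line in config_text.splitlines():
        m = WEB_RE.match(line.strip())
        if not m:
            continue
        action, proto = m.groups()
        if action == "set" and proto:
            enabled.add(proto)
        elif action == "deactivate" and proto:
            deactivated.add(proto)      # one listener deactivated
        elif action == "deactivate":
            whole_off = True            # whole web-management stanza inactive
    return set() if whole_off else enabled - deactivated


def triage(version, config_text):
    """Flag devices on a listed train that still expose HTTP/HTTPS services."""
    train = release_train(version)
    services = sorted(web_services(config_text))
    listed = train in AFFECTED_TRAINS
    return {"train": train, "affected_train": listed,
            "web_services": services, "needs_review": listed and bool(services)}
```

A `needs_review` result of `True` means the device is on a listed train with J-Web reachable, so its exact release should be compared with the fixed versions in the vendor advisory.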