CVE-2009-5086
Description
Cross-site scripting (XSS) vulnerability in Appliance Configuration Manager (ACM) in Juniper IDP 4.1 before 4.1r3 and 4.2 before 4.2r1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Juniper IDP ACM versions prior to 4.1r3 and 4.2r1 contain a cross-site scripting vulnerability allowing arbitrary script execution.
Vulnerability
The Appliance Configuration Manager (ACM) in Juniper IDP versions prior to 4.1r3 and 4.2r1 contains a cross-site scripting (XSS) vulnerability [1][2]. The ACM provides a web interface for configuration changes and fails to properly sanitize user input [2].
Exploitation
An attacker can exploit this vulnerability by injecting arbitrary web script or HTML via unspecified vectors [1][2]. The attack is network-based and does not require authentication, but user interaction (e.g., clicking a malicious link) is necessary [1].
Impact
Successful exploitation allows arbitrary script execution in the victim's web browser, potentially leading to information disclosure, session hijacking, or other actions within the ACM context [1][2].
Mitigation
Update IDP firmware to version 4.1r3 or 4.2r1 or later as provided by Juniper Networks [1][2]. No other workarounds are documented.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:juniper:idp:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper:idp:4.1r1:*:*:*:*:*:*:*
- cpe:2.3:a:juniper:idp:4.1r2:*:*:*:*:*:*:*
- cpe:2.3:a:juniper:idp:4.2:*:*:*:*:*:*:*
- (no CPE) range: <4.1r3, <4.2r1
Patches
No patches discovered yet.
References (3)
News mentions
No linked articles in our index yet.