CVE-2013-6618
jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action.
| Software | From | Fixed in |
|---|---|---|
| juniper / junos | 10.3 | 10.3.x |
| juniper / junos | 10.2 | 10.2.x |
| juniper / junos | 10.1 | 10.1.x |
| juniper / junos | 12.1 | 12.1.x |
| juniper / junos | - | 10.4.x |
| juniper / junos | 11.4 | 11.4.x |
| juniper / junos | 12.3 | 12.3.x |
| juniper / junos | 12.2 | 12.2.x |
| juniper / junos | 10.0 | 10.0.x |
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10560
- http://secunia.com/advisories/54731
- http://www.exploit-db.com/exploits/29544
- http://www.securityfocus.com/bid/62305
- http://www.securitytracker.com/id/1029016
- http://www.senseofsecurity.com.au/advisories/SOS-13-003
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87011
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime