| Vulnerability Name: | CVE-2013-6618 (CCN-87011) |
| Assigned: | 2013-09-11 |
| Published: | 2013-09-11 |
| Updated: | 2017-08-29 |
| Summary: | jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action. |
| CVSS v3 Severity: | 8.0 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H) |
| CVSS v2 Severity: | 9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C); 6.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C); 6.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C) |
| Vulnerability Type: | CWE-20 |
| Vulnerability Consequences: | Gain Privileges |
| References: | Source: MITRE Type: CNA CVE-2013-6618; Source: CCN Type: JSA10560 Junos: J-Web Sajax remote code execution; Source: CONFIRM Type: Vendor Advisory http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10560; Source: CCN Type: SA54731 Juniper Junos J-Web Arbitrary Command Execution Vulnerability; Source: SECUNIA Type: Vendor Advisory 54731; Source: EXPLOIT-DB Type: UNKNOWN 29544; Source: BID Type: Exploit 62305; Source: CCN Type: BID-62305 Juniper Junos J-Web Privilege Escalation Vulnerability; Source: SECTRACK Type: UNKNOWN 1029016; Source: MISC Type: Exploit http://www.senseofsecurity.com.au/advisories/SOS-13-003; Source: XF Type: UNKNOWN juniper-port-command-execution(87011); Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [11-12-2013] |
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable |