Vulnerability Details : CVE-2013-6618
jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action.
Vulnerability category: Input validation
Products affected by CVE-2013-6618
- cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.1:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.2:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.3:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:10.3:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:10.2:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:10.1:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:10.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-6618
3.26%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 91 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-6618
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0
|
HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C |
8.0
|
10.0
|
NIST |
CWE ids for CVE-2013-6618
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6618
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/87011
Juniper Junos port.php command execution CVE-2013-6618 Vulnerability Report
-
http://www.securityfocus.com/bid/62305
Juniper Junos J-Web Privilege Escalation VulnerabilityExploit
-
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10560
Juniper Networks - 2013-04 Security Bulletin: Junos: J-Web Sajax remote code executionVendor Advisory
-
http://www.exploit-db.com/exploits/29544
Juniper Junos J-Web - Privilege Escalation - PHP webapps Exploit
-
http://www.securitytracker.com/id/1029016
Juniper Junos J-Web '/jsdm/ajax/port.php' Script Lets Remote Authenticated Users Execute Arbitrary Commands - SecurityTracker
-
http://www.senseofsecurity.com.au/advisories/SOS-13-003
Juniper Junos J-Web Privilege Escalation VulnerabilityExploit
Jump to