ID

VAR-201310-0461


CVE

CVE-2013-4689


TITLE

Vulnerability in J-Web in Juniper Junos that allows bypass of the cross-site request forgery protection mechanism

Trust: 0.8

sources: JVNDB: JVNDB-2013-004804

DESCRIPTION

J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X44-D15, 12.1X45 before 12.1X45-D10, 12.2 before 12.2R3, 12.3 before 12.3R2, and 13.1 before 13.1R3 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators for requests that (1) create new administrator accounts or (2) have other unspecified impacts.

Juniper Junos is prone to a cross-site request forgery vulnerability. Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected device. Juniper Junos 10.4, 11.4, 12.1, 12.1X44, 12.2, 12.3, and 13.1 are vulnerable.

Juniper Networks Junos is a network operating system from Juniper Networks dedicated to the company's hardware systems. The operating system provides a secure programming interface and the Junos SDK. J-Web is a network management tool for routers or switches using Junos. The following releases are affected: Junos 10.4, 11.4, 12.1, 12.1X44, 12.2, 12.3, 13.1.

Trust: 1.98

sources: NVD: CVE-2013-4689 // JVNDB: JVNDB-2013-004804 // BID: 62940 // VULHUB: VHN-64691

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 9.4

Trust: 1.6

vendor: juniper, model: junos, scope: eq, version: 9.0

Trust: 1.6

vendor: juniper, model: junos, scope: eq, version: 8.2

Trust: 1.6

vendor: juniper, model: junos, scope: eq, version: 8.3

Trust: 1.6

vendor: juniper, model: junos, scope: eq, version: 9.1

Trust: 1.6

vendor: juniper, model: junos, scope: eq, version: 9.5

Trust: 1.6

vendor: juniper, model: junos, scope: eq, version: 9.2

Trust: 1.6

vendor: juniper, model: junos, scope: eq, version: 8.4

Trust: 1.6

vendor: juniper, model: junos, scope: eq, version: 9.6

Trust: 1.6

vendor: juniper, model: junos, scope: eq, version: 8.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 12.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 12.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 4.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 12.1x45

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 11.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 7.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 5.3

Trust: 1.0

vendor: juniper, model: junos, scope: lte, version: 10.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 5.5

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 7.5

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 5.6

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 8.0

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 4.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 5.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 5.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 7.6

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 7.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 4.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 4.0

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 13.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 7.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 6.0

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 4.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 6.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 6.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 12.1x44

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 6.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 5.7

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 6.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 7.0

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 7.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 12.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 5.0

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 5.4

Trust: 1.0

vendor: juniper, model: junos os, scope: lt, version: 13.1

Trust: 0.8

vendor: juniper, model: junos os, scope: lt, version: 12.1r

Trust: 0.8

vendor: juniper, model: junos os, scope: lt, version: 12.1x45

Trust: 0.8

vendor: juniper, model: junos os, scope: lt, version: 12.3

Trust: 0.8

vendor: juniper, model: junos os, scope: eq, version: 12.1r6

Trust: 0.8

vendor: juniper, model: junos os, scope: eq, version: 12.1x45-d10

Trust: 0.8

vendor: juniper, model: junos os, scope: eq, version: 12.3r2

Trust: 0.8

vendor: juniper, model: junos os, scope: lt, version: 12.1x44

Trust: 0.8

vendor: juniper, model: junos os, scope: eq, version: 12.1x44-d15

Trust: 0.8

vendor: juniper, model: junos os, scope: lt, version: 12.2

Trust: 0.8

vendor: juniper, model: junos os, scope: eq, version: 11.4r7

Trust: 0.8

vendor: juniper, model: junos os, scope: eq, version: 12.2r3

Trust: 0.8

vendor: juniper, model: junos os, scope: eq, version: 13.1r3

Trust: 0.8

vendor: juniper, model: junos os, scope: lt, version: 11.4

Trust: 0.8

vendor: juniper, model: junos, scope: eq, version: 10.4

Trust: 0.6

vendor: juniper, model: networks junos, scope: eq, version: 10.4

Trust: 0.3

sources: BID: 62940 // JVNDB: JVNDB-2013-004804 // CNNVD: CNNVD-201310-461 // NVD: CVE-2013-4689

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-4689
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-4689
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201310-461
value: MEDIUM

Trust: 0.6

VULHUB: VHN-64691
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-4689
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-64691
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-64691 // JVNDB: JVNDB-2013-004804 // CNNVD: CNNVD-201310-461 // NVD: CVE-2013-4689

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-64691 // JVNDB: JVNDB-2013-004804 // NVD: CVE-2013-4689

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-461

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201310-461

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004804

PATCH

title: JSA10597, url: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10597

Trust: 0.8

sources: JVNDB: JVNDB-2013-004804

EXTERNAL IDS

db: NVD, id: CVE-2013-4689

Trust: 2.8

db: BID, id: 62940

Trust: 2.0

db: SECUNIA, id: 55166

Trust: 1.7

db: JUNIPER, id: JSA10597

Trust: 1.7

db: OSVDB, id: 98325

Trust: 1.7

db: JVNDB, id: JVNDB-2013-004804

Trust: 0.8

db: CNNVD, id: CNNVD-201310-461

Trust: 0.7

db: VULHUB, id: VHN-64691

Trust: 0.1

sources: VULHUB: VHN-64691 // BID: 62940 // JVNDB: JVNDB-2013-004804 // CNNVD: CNNVD-201310-461 // NVD: CVE-2013-4689

REFERENCES

url:http://www.securityfocus.com/bid/62940

Trust: 1.7

url:http://osvdb.org/98325

Trust: 1.7

url:http://secunia.com/advisories/55166

Trust: 1.7

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10597

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4689

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4689

Trust: 0.8

url:http://www.juniper.net/

Trust: 0.3

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10597

Trust: 0.1

sources: VULHUB: VHN-64691 // BID: 62940 // JVNDB: JVNDB-2013-004804 // CNNVD: CNNVD-201310-461 // NVD: CVE-2013-4689

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 62940

SOURCES

db: VULHUB, id: VHN-64691
db: BID, id: 62940
db: JVNDB, id: JVNDB-2013-004804
db: CNNVD, id: CNNVD-201310-461
db: NVD, id: CVE-2013-4689

LAST UPDATE DATE

2025-04-11T23:01:44.668000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-64691, date: 2013-10-25T00:00:00
db: BID, id: 62940, date: 2013-10-10T00:00:00
db: JVNDB, id: JVNDB-2013-004804, date: 2013-10-28T00:00:00
db: CNNVD, id: CNNVD-201310-461, date: 2013-11-01T00:00:00
db: NVD, id: CVE-2013-4689, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: VULHUB, id: VHN-64691, date: 2013-10-17T00:00:00
db: BID, id: 62940, date: 2013-10-10T00:00:00
db: JVNDB, id: JVNDB-2013-004804, date: 2013-10-22T00:00:00
db: CNNVD, id: CNNVD-201310-461, date: 2013-10-21T00:00:00
db: NVD, id: CVE-2013-4689, date: 2013-10-17T23:55:04.627