ID

VAR-201311-0339


CVE

CVE-2013-6618


TITLE

Arbitrary command execution vulnerability in jsdm/ajax/port.php of J-Web in Juniper Junos

Trust: 0.8

sources: JVNDB: JVNDB-2013-005031

DESCRIPTION

jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action. Juniper Junos is prone to a privilege-escalation vulnerability. An attacker can exploit this vulnerability to execute arbitrary code with elevated privileges. Versions prior to Juniper Junos 10.4R13 are vulnerable. Juniper Networks Junos is a network operating system from Juniper Networks, built for the company's hardware systems. The operating system provides a secure programming interface and the Junos SDK. J-Web is a network management tool for routers or switches running Junos.

Trust: 1.98

sources: NVD: CVE-2013-6618 // JVNDB: JVNDB-2013-005031 // BID: 62305 // VULHUB: VHN-66620

AFFECTED PRODUCTS

vendor: juniper // model: junos // scope: eq // version: 10.3

Trust: 1.6

vendor: juniper // model: junos // scope: eq // version: 12.3

Trust: 1.6

vendor: juniper // model: junos // scope: eq // version: 12.1

Trust: 1.6

vendor: juniper // model: junos // scope: eq // version: 10.1

Trust: 1.6

vendor: juniper // model: junos // scope: eq // version: 11.4

Trust: 1.6

vendor: juniper // model: junos // scope: eq // version: 10.2

Trust: 1.6

vendor: juniper // model: junos // scope: eq // version: 10.0

Trust: 1.6

vendor: juniper // model: junos // scope: eq // version: 12.2

Trust: 1.6

vendor: juniper // model: junos // scope: lte // version: 10.4

Trust: 1.0

vendor: juniper // model: junos os // scope: lt // version: 12.3

Trust: 0.8

vendor: juniper // model: junos os // scope: lt // version: 12.2

Trust: 0.8

vendor: juniper // model: junos os // scope: lt // version: 12.1

Trust: 0.8

vendor: juniper // model: junos os // scope: eq // version: 11.4r7

Trust: 0.8

vendor: juniper // model: junos os // scope: eq // version: 12.1r5

Trust: 0.8

vendor: juniper // model: junos os // scope: eq // version: 12.3r1

Trust: 0.8

vendor: juniper // model: junos os // scope: eq // version: 12.2r3

Trust: 0.8

vendor: juniper // model: junos os // scope: lt // version: 11.4

Trust: 0.8

vendor: juniper // model: junos // scope: eq // version: 10.4

Trust: 0.6

vendor: juniper // model: networks junos // scope: eq // version: 10.4

Trust: 0.3

vendor: juniper // model: networks junos // scope: eq // version: 10.3

Trust: 0.3

vendor: juniper // model: networks junos 10.2r3 // scope: - // version: -

Trust: 0.3

vendor: juniper // model: networks junos 10.2r2 // scope: - // version: -

Trust: 0.3

vendor: juniper // model: networks junos // scope: eq // version: 10.2

Trust: 0.3

vendor: juniper // model: networks junos // scope: eq // version: 10.1

Trust: 0.3

vendor: juniper // model: networks junos 10.0s18 // scope: - // version: -

Trust: 0.3

vendor: juniper // model: networks junos // scope: eq // version: 10.0

sources: BID: 62305 // JVNDB: JVNDB-2013-005031 // CNNVD: CNNVD-201309-140 // NVD: CVE-2013-6618

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6618
value: HIGH

Trust: 1.0

NVD: CVE-2013-6618
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201309-140
value: CRITICAL

Trust: 0.6

VULHUB: VHN-66620
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-6618
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-66620
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-66620 // JVNDB: JVNDB-2013-005031 // CNNVD: CNNVD-201309-140 // NVD: CVE-2013-6618

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

sources: VULHUB: VHN-66620 // JVNDB: JVNDB-2013-005031 // NVD: CVE-2013-6618

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-140

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201309-140

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005031

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-66620

PATCH

title: JSA10560 // url: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10560

Trust: 0.8

sources: JVNDB: JVNDB-2013-005031

EXTERNAL IDS

db: NVD // id: CVE-2013-6618

Trust: 2.8

db: BID // id: 62305

Trust: 2.0

db: SECTRACK // id: 1029016

Trust: 1.7

db: JUNIPER // id: JSA10560

Trust: 1.7

db: SECUNIA // id: 54731

Trust: 1.7

db: EXPLOIT-DB // id: 29544

Trust: 1.1

db: JVNDB // id: JVNDB-2013-005031

Trust: 0.8

db: CNNVD // id: CNNVD-201309-140

Trust: 0.7

db: XF // id: 87011

Trust: 0.6

db: SEEBUG // id: SSVID-83037

Trust: 0.1

db: VULHUB // id: VHN-66620

Trust: 0.1

sources: VULHUB: VHN-66620 // BID: 62305 // JVNDB: JVNDB-2013-005031 // CNNVD: CNNVD-201309-140 // NVD: CVE-2013-6618

REFERENCES

url:http://www.securityfocus.com/bid/62305

Trust: 1.7

url:http://www.senseofsecurity.com.au/advisories/sos-13-003

Trust: 1.7

url:http://www.securitytracker.com/id/1029016

Trust: 1.7

url:http://secunia.com/advisories/54731

Trust: 1.7

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10560

Trust: 1.6

url:http://www.exploit-db.com/exploits/29544

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/87011

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6618

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6618

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/87011

Trust: 0.6

url:http://www.juniper.net/

Trust: 0.3

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10560

Trust: 0.1

sources: VULHUB: VHN-66620 // BID: 62305 // JVNDB: JVNDB-2013-005031 // CNNVD: CNNVD-201309-140 // NVD: CVE-2013-6618

CREDITS

Phil of Sense of Security

Trust: 0.9

sources: BID: 62305 // CNNVD: CNNVD-201309-140

SOURCES

db: VULHUB // id: VHN-66620
db: BID // id: 62305
db: JVNDB // id: JVNDB-2013-005031
db: CNNVD // id: CNNVD-201309-140
db: NVD // id: CVE-2013-6618

LAST UPDATE DATE

2025-04-11T23:12:48.448000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-66620 // date: 2017-08-29T00:00:00
db: BID // id: 62305 // date: 2014-10-10T00:03:00
db: JVNDB // id: JVNDB-2013-005031 // date: 2013-11-07T00:00:00
db: CNNVD // id: CNNVD-201309-140 // date: 2013-11-06T00:00:00
db: NVD // id: CVE-2013-6618 // date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: VULHUB // id: VHN-66620 // date: 2013-11-05T00:00:00
db: BID // id: 62305 // date: 2013-09-10T00:00:00
db: JVNDB // id: JVNDB-2013-005031 // date: 2013-11-07T00:00:00
db: CNNVD // id: CNNVD-201309-140 // date: 2013-09-12T00:00:00
db: NVD // id: CVE-2013-6618 // date: 2013-11-05T20:55:30.243