CVE-2013-6618

Sažetak

jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action.

Reference

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10560
http://secunia.com/advisories/54731
http://www.exploit-db.com/exploits/29544
http://www.securityfocus.com/bid/62305
http://www.securitytracker.com/id/1029016
http://www.senseofsecurity.com.au/advisories/SOS-13-003
https://exchange.xforce.ibmcloud.com/vulnerabilities/87011

CVSS

Base:	9.0
Impact:	10.0
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

29-08-2017 - 01:33

Objavljeno

05-11-2013 - 20:55