VAR-201311-0339
Vulnerability from variot - Updated: 2024-02-14 23:10jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action. Juniper Junos is prone to a privilege-escalation vulnerability. An attacker can exploit this vulnerability to execute arbitrary code with elevated privileges. Versions prior to Juniper Junos 10.4R13 are vulnerable. Juniper Networks Junos is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware system. The operating system provides a secure programming interface and Junos SDK. J-Web is a network management tool for routers or switches using Junos
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201311-0339",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "junos",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "10.3"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "12.3"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "12.1"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "10.1"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "11.4"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "10.2"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "10.0"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "12.2"
},
{
"model": "junos",
"scope": "lte",
"trust": 1.0,
"vendor": "juniper",
"version": "10.4"
},
{
"model": "junos os",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "12.3"
},
{
"model": "junos os",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "12.2"
},
{
"model": "junos os",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "12.1"
},
{
"model": "junos os",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "11.4r7"
},
{
"model": "junos os",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "12.1r5"
},
{
"model": "junos os",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "12.3r1"
},
{
"model": "junos os",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "12.2r3"
},
{
"model": "junos os",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "11.4"
},
{
"model": "junos",
"scope": "eq",
"trust": 0.6,
"vendor": "juniper",
"version": "10.4"
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "10.4"
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "10.3"
},
{
"model": "networks junos 10.2r3",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks junos 10.2r2",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "10.2"
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "10.1"
},
{
"model": "networks junos 10.0s18",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "10.0"
}
],
"sources": [
{
"db": "BID",
"id": "62305"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005031"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-140"
},
{
"db": "NVD",
"id": "CVE-2013-6618"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:10.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:11.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:12.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:12.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6618"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Phil of Sense of Security",
"sources": [
{
"db": "BID",
"id": "62305"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-140"
}
],
"trust": 0.9
},
"cve": "CVE-2013-6618",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2013-6618",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-66620",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-6618",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201309-140",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-66620",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66620"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005031"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-140"
},
{
"db": "NVD",
"id": "CVE-2013-6618"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action. Juniper Junos is prone to a privilege-escalation vulnerability. \nAn attacker can exploit this vulnerability to execute arbitrary code with elevated privileges. \nVersions prior to Juniper Junos 10.4R13 are vulnerable. Juniper Networks Junos is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company\u0027s hardware system. The operating system provides a secure programming interface and Junos SDK. J-Web is a network management tool for routers or switches using Junos",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6618"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005031"
},
{
"db": "BID",
"id": "62305"
},
{
"db": "VULHUB",
"id": "VHN-66620"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-66620",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66620"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-6618",
"trust": 2.8
},
{
"db": "BID",
"id": "62305",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1029016",
"trust": 1.7
},
{
"db": "JUNIPER",
"id": "JSA10560",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "54731",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "29544",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005031",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201309-140",
"trust": 0.7
},
{
"db": "XF",
"id": "87011",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-83037",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-66620",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66620"
},
{
"db": "BID",
"id": "62305"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005031"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-140"
},
{
"db": "NVD",
"id": "CVE-2013-6618"
}
]
},
"id": "VAR-201311-0339",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-66620"
}
],
"trust": 0.38947368000000004
},
"last_update_date": "2024-02-14T23:10:01.500000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "JSA10560",
"trust": 0.8,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10560"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005031"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66620"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005031"
},
{
"db": "NVD",
"id": "CVE-2013-6618"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/62305"
},
{
"trust": 1.7,
"url": "http://www.senseofsecurity.com.au/advisories/sos-13-003"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1029016"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/54731"
},
{
"trust": 1.6,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10560"
},
{
"trust": 1.1,
"url": "http://www.exploit-db.com/exploits/29544"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87011"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6618"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6618"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/87011"
},
{
"trust": 0.3,
"url": "http://www.juniper.net/"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10560"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66620"
},
{
"db": "BID",
"id": "62305"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005031"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-140"
},
{
"db": "NVD",
"id": "CVE-2013-6618"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-66620"
},
{
"db": "BID",
"id": "62305"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005031"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-140"
},
{
"db": "NVD",
"id": "CVE-2013-6618"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-05T00:00:00",
"db": "VULHUB",
"id": "VHN-66620"
},
{
"date": "2013-09-10T00:00:00",
"db": "BID",
"id": "62305"
},
{
"date": "2013-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005031"
},
{
"date": "2013-09-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-140"
},
{
"date": "2013-11-05T20:55:30.243000",
"db": "NVD",
"id": "CVE-2013-6618"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-66620"
},
{
"date": "2014-10-10T00:03:00",
"db": "BID",
"id": "62305"
},
{
"date": "2013-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005031"
},
{
"date": "2013-11-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-140"
},
{
"date": "2024-02-14T01:17:43.863000",
"db": "NVD",
"id": "CVE-2013-6618"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201309-140"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Juniper Junos of J-Web of jsdm/ajax/port.php Vulnerable to arbitrary command execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005031"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201309-140"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…