Description
jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action.
Exploits (1)
References (7)
Core 7
Core References
Exploit, URL Repurposed x_refsource_misc
http://www.senseofsecurity.com.au/advisories/SOS-13-003
Vendor Advisory x_refsource_confirm
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10560
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/29544
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/54731
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/62305
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/87011
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1029016
Scores
EPSS
0.0865
EPSS Percentile
92.5%
Details
CWE
CWE-20
Status
published
Products (9)
juniper/junos
10.0
juniper/junos
10.1
juniper/junos
10.2
juniper/junos
10.3
juniper/junos
11.4
juniper/junos
12.1
juniper/junos
12.2
juniper/junos
12.3
juniper/junos
< 10.4
Published
Nov 05, 2013
Tracked Since
Feb 18, 2026