CVE-2013-6618
Published 2013-11-05
Priority: P2 · 64 · critical
CVSS 2.0: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploit: public exploit referenced (exploit-db, see references)
EPSS: 10.61% (95.2nd percentile)
jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action.
Affected (11 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| juniper | j-web | — | — |
| juniper | junos | <= 10.4 | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos_os | — | — |
Detection & IOCs (extracted from sources)
- Monitor HTTP POST requests to /jsdm/ajax/port.php with 'rs=exec' or 'rs=file_get_contents' parameters, which indicate exploitation attempts of CVE-2013-6618.
- Detect session hijacking attempts by monitoring for reads of /tmp directory contents via the rs=file_get_contents&rsargs[]=/tmp pattern in J-Web requests.
- Exploitation requires remote authenticated access (read-only credentials are sufficient); unauthenticated exploitation is not possible.
- Command execution occurs within a chroot environment (UID=0/root inside chroot), limiting direct host-level impact but still enabling privilege escalation via session hijacking.
- All Junos OS builds prior to 2013-02-28 are affected; the fix has not been independently validated by the discovering researcher (SOS).
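As an added example (not code from this page, from Juniper, or from any of the cited sources), the following Python scanner turns the two monitoring indicators above into detection logic run over constructed request records. It assumes a log layout where the query string and, for POST requests, the form body are available to the detector; the log format, the sample lines, and the names `classify_request` and `scan_log` are all hypothetical. Parameter values are decoded with `parse_qs`, so URL-encoded spellings of `rs=exec` are matched as well as the literal form.

```python
from urllib.parse import parse_qs, urlsplit, unquote

# Path and action values taken from the detection bullets on this page.
TARGET_PATH = "/jsdm/ajax/port.php"


def classify_request(method, url, body=""):
    """Return the indicator names that match one request (hypothetical helper).

    Indicators (from the page's detection bullets):
      rs_exec               -> rs=exec on the J-Web port.php endpoint
      rs_file_get_contents  -> rs=file_get_contents on the same endpoint
      tmp_session_read      -> rs=file_get_contents with rsargs[] under /tmp
    """
    parts = urlsplit(url)
    if unquote(parts.path) != TARGET_PATH:
        return []

    # Merge query-string parameters with form-body parameters for POSTs.
    params = parse_qs(parts.query)
    if method.upper() == "POST" and body:
        for key, values in parse_qs(body).items():
            params.setdefault(key, []).extend(values)

    rs_values = set(params.get("rs", []))
    hits = []
    if "exec" in rs_values:
        hits.append("rs_exec")
    if "file_get_contents" in rs_values:
        hits.append("rs_file_get_contents")
        args = params.get("rsargs[]", []) + params.get("rsargs", [])
        if any(a == "/tmp" or a.startswith("/tmp/") for a in args):
            hits.append("tmp_session_read")
    return hits


# Constructed sample log: "<client> <method> <url> <status> <body-or-dash>".
# This layout is an assumption made for the example, not a Junos log format.
SAMPLE_LOG = [
    "10.0.0.5 GET /jsdm/ajax/port.php?rs=file_get_contents&rsargs[]=/tmp 200 -",
    "10.0.0.5 POST /jsdm/ajax/port.php 200 rs=exec&rsargs[]=placeholder",
    "10.0.0.9 GET /jsdm/ajax/port.php?rs=list 200 -",
    "10.0.0.9 POST /login.php 302 username=placeholder",
]


def scan_log(lines):
    """Parse constructed log lines and return (client, method, hits) per alert."""
    alerts = []
    for line in lines:
        client, method, url, _status, body = line.split(" ", 4)
        body = "" if body == "-" else body
        hits = classify_request(method, url, body)
        if hits:
            alerts.append((client, method, hits))
    return alerts


if __name__ == "__main__":
    for client, method, hits in scan_log(SAMPLE_LOG):
        print(f"ALERT {client} {method} {TARGET_PATH}: {', '.join(hits)}")
```

In practice the body of a POST is only visible where a reverse proxy or WAF logs it; if only the request line is logged, the GET-style indicator still fires but `rs_exec` inside a form body will not, which is the main blind spot to keep in mind when tuning this rule.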
Related records
- Juniper (vendor_juniper, 2013-11-05, CVSS 9.0, CRITICAL, CWE-20): CVE-2013-6618, same description as above.
- GHSA (ghsa_unreviewed, 2022-05-17, HIGH, CWE-20): GHSA-6ghq-fc75-q46q, same description as above.
No detection rules found.
No writeups or analysis indexed.
References
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10560
- http://secunia.com/advisories/54731
- http://www.exploit-db.com/exploits/29544
- http://www.securityfocus.com/bid/62305
- http://www.securitytracker.com/id/1029016
- http://www.senseofsecurity.com.au/advisories/SOS-13-003
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87011