Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-6618Improper Input Validation in Juniper Junos

CWE-20Improper Input Validation4 documents4 sources
Severity
9.0CRITICALNVD
EPSS
8.6%
top 7.54%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Juniper JunosJuniper J-webJuniper Junos OS
Timeline
PublishedNov 5
Latest updateMay 17

Description

jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages3 packages

NVDjuniper/junos10.4+8
juniperjuniper/j-web

🔴Vulnerability Details

1
GHSA
GHSA-6ghq-fc75-q46q: jsdm/ajax/port2022-05-17

💥Exploits & PoCs

1
Exploit-DB
Juniper Junos J-Web - Privilege Escalation2013-11-12

📋Vendor Advisories

1
Juniper
CVE-2013-6618: jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows2013-11-05