5.1

CVE-2013-4689

J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X44-D15, 12.1x45 before 12.1X45-D10, 12.2 before 12.2R3, 12.3 before 12.3R2, and 13.1 before 13.1R3 allow remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators for requests that (1) create new administrator accounts or (2) have other unspecified impacts.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JuniperJunos Version <= 10.4
JuniperJunos Version4.0
JuniperJunos Version4.1
JuniperJunos Version4.2
JuniperJunos Version4.3
JuniperJunos Version4.4
JuniperJunos Version5.0
JuniperJunos Version5.1
JuniperJunos Version5.2
JuniperJunos Version5.3
JuniperJunos Version5.4
JuniperJunos Version5.5
JuniperJunos Version5.6
JuniperJunos Version5.7
JuniperJunos Version6.0
JuniperJunos Version6.1
JuniperJunos Version6.2
JuniperJunos Version6.3
JuniperJunos Version6.4
JuniperJunos Version7.0
JuniperJunos Version7.1
JuniperJunos Version7.2
JuniperJunos Version7.3
JuniperJunos Version7.4
JuniperJunos Version7.5
JuniperJunos Version7.6
JuniperJunos Version8.0
JuniperJunos Version8.1
JuniperJunos Version8.2
JuniperJunos Version8.3
JuniperJunos Version8.4
JuniperJunos Version9.0
JuniperJunos Version9.1
JuniperJunos Version9.2
JuniperJunos Version9.4
JuniperJunos Version9.5
JuniperJunos Version9.6
JuniperJunos Version11.4
JuniperJunos Version12.1
JuniperJunos Version12.1x44
JuniperJunos Version12.1x45
JuniperJunos Version12.2
JuniperJunos Version12.3
JuniperJunos Version13.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.98% 0.575
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10597
Vendor Advisory
http://osvdb.org/98325
http://secunia.com/advisories/55166
Vendor Advisory
http://www.securityfocus.com/bid/62940