CVE-2013-4689

J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X44-D15, 12.1x45 before 12.1X45-D10, 12.2 before 12.2R3, 12.3 before 12.3R2, and 13.1 before 13.1R3 allow remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators for requests that (1) create new administrator accounts or (2) have other unspecified impacts.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.1 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
VendorProductVersion
juniperjunos
𝑥
≤ 10.4
juniperjunos
4.0
juniperjunos
4.1
juniperjunos
4.2
juniperjunos
4.3
juniperjunos
4.4
juniperjunos
5.0
juniperjunos
5.1
juniperjunos
5.2
juniperjunos
5.3
juniperjunos
5.4
juniperjunos
5.5
juniperjunos
5.6
juniperjunos
5.7
juniperjunos
6.0
juniperjunos
6.1
juniperjunos
6.2
juniperjunos
6.3
juniperjunos
6.4
juniperjunos
7.0
juniperjunos
7.1
juniperjunos
7.2
juniperjunos
7.3
juniperjunos
7.4
juniperjunos
7.5
juniperjunos
7.6
juniperjunos
8.0
juniperjunos
8.1
juniperjunos
8.2
juniperjunos
8.3
juniperjunos
8.4
juniperjunos
9.0
juniperjunos
9.1
juniperjunos
9.2
juniperjunos
9.4
juniperjunos
9.5
juniperjunos
9.6
juniperjunos
11.4
juniperjunos
12.1
juniperjunos
12.1x44:x44
juniperjunos
12.1x45:x45
juniperjunos
12.2
juniperjunos
12.3
juniperjunos
13.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10597
http://osvdb.org/98325
http://secunia.com/advisories/55166
http://www.securityfocus.com/bid/62940
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10597
http://osvdb.org/98325
http://secunia.com/advisories/55166
http://www.securityfocus.com/bid/62940