PT-2013-1296 · Modernizr · Sajax Ajax Library
Published 2013-10-09 · Updated 2013-10-25 · CVE-2013-4689
CVSS v2.0: 5.1 (Medium)
| Vector | AV:N/AC:H/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Junos versions prior to 10.4R13
Junos versions 11.4 before 11.4R7
Junos versions 12.1 before 12.1R6
Junos versions 12.1X44 before 12.1X44-D15
Junos versions 12.1X45 before 12.1X45-D10
Junos versions 12.2 before 12.2R3
Junos versions 12.3 before 12.3R2
Junos versions 13.1 before 13.1R3
Description
The issue allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators for requests. This can lead to the creation of new administrator accounts or have other unspecified impact. The root cause is that the csrf token parameter is not checked for GET requests in the Sajax AJAX library, so a state-changing call that would be rejected as a POST without a token is accepted when the same parameters are sent in a GET request (for example, triggered from an attacker's page in the browser of a logged-in administrator).
Recommendations
For Junos versions prior to 10.4R13, update to version 10.4R13 or later.
For Junos versions 11.4 before 11.4R7, update to version 11.4R7 or later.
For Junos versions 12.1 before 12.1R6, update to version 12.1R6 or later.
For Junos versions 12.1X44 before 12.1X44-D15, update to version 12.1X44-D15 or later.
For Junos versions 12.1X45 before 12.1X45-D10, update to version 12.1X45-D10 or later.
For Junos versions 12.2 before 12.2R3, update to version 12.2R3 or later.
For Junos versions 12.3 before 12.3R2, update to version 12.3R2 or later.
For Junos versions 13.1 before 13.1R3, update to version 13.1R3 or later.
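The following is an added example, not code from Junos or from the Sajax library, that models the flaw the description above refers to: a CSRF check that is applied only to POST requests, beside a hardened check that validates the token regardless of HTTP method. The RPC routing (a `/rpc` path, the `rs` function-name parameter and the `rsargs[]` argument list), the `csrf_token` parameter name, the `sid` cookie and the `add_admin` action are assumptions made for illustration; the only thing taken from the advisory is the behaviour: a forged GET carrying the same parameters as a legitimate POST reaches the privileged handler.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Request:
    """Minimal stand-in for an HTTP request reaching a web management interface."""
    method: str
    path: str
    params: dict = field(default_factory=dict)   # query string or form body
    cookies: dict = field(default_factory=dict)  # attached by the browser automatically


@dataclass
class Session:
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))


def add_admin(admins: set, name: str) -> str:
    """Privileged action: creates a new administrator account (constructed example)."""
    admins.add(name)
    return f"200 created {name}"


# Sajax-style RPC table: the exported function name arrives in 'rs', its arguments
# in 'rsargs[]'. The parameter names follow Sajax's convention; the table is an assumption.
RPC_EXPORTS = {"add_admin": add_admin}


def vulnerable_csrf_check(req: Request, session: Session) -> bool:
    """Verifies the token only for POST; a GET carrying the same RPC parameters is waved through."""
    if req.method == "GET":
        return True
    return req.params.get("csrf_token") == session.csrf_token


def hardened_csrf_check(req: Request, session: Session) -> bool:
    """Every request that can reach a state-changing handler must present a valid token,
    whatever the HTTP method. Constant-time comparison avoids leaking the token byte by byte."""
    token = req.params.get("csrf_token", "")
    return hmac.compare_digest(token, session.csrf_token)


def dispatch(req: Request, session: Session, csrf_check, admins: set) -> str:
    """Routes an RPC request to its handler after the supplied CSRF check."""
    if req.path != "/rpc" or "rs" not in req.params:
        return "404 not found"
    if not csrf_check(req, session):
        return "403 CSRF token missing or invalid"
    func = RPC_EXPORTS.get(req.params["rs"])
    if func is None:
        return "404 unknown function"
    return func(admins, *req.params.get("rsargs[]", []))


def forged_get(session_cookie: str) -> Request:
    """What the victim's browser sends when an attacker's page embeds
    <img src="https://device/rpc?rs=add_admin&rsargs[]=backdoor">:
    the session cookie goes along, the CSRF token does not."""
    return Request("GET", "/rpc",
                   {"rs": "add_admin", "rsargs[]": ["backdoor"]},
                   {"sid": session_cookie})


def run_scenario(csrf_check):
    """Replays a forged GET and a legitimate POST against one check; returns both
    responses and the resulting administrator set."""
    session = Session("admin")
    admins = {"root"}
    cookie = "sid-for-" + session.user
    forged = dispatch(forged_get(cookie), session, csrf_check, admins)
    legit = Request("POST", "/rpc",
                    {"rs": "add_admin", "rsargs[]": ["ops"], "csrf_token": session.csrf_token},
                    {"sid": cookie})
    ok = dispatch(legit, session, csrf_check, admins)
    return forged, ok, sorted(admins)


if __name__ == "__main__":
    print("vulnerable:", run_scenario(vulnerable_csrf_check))
    print("hardened:  ", run_scenario(hardened_csrf_check))
```

With the vulnerable check the forged GET creates the `backdoor` account; with the hardened check it is refused while the token-bearing POST still succeeds. A stricter fix, in addition to checking the token on every method, is to refuse GET entirely for any call that changes state, so that an `<img>` or link can never trigger it even if token handling regresses.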
Fix
CSRF
Affected Products
Junos
Sajax Ajax Library