CVE-2013-6618

Name of the Vulnerable Software and Affected Versions Junos versions prior to 10.4R13 Junos versions 11.4 before 11.4R7 Junos versions 12.1 before 12.1R5 Junos versions 12.2 before 12.2R3 Junos versions 12.3 before 12.3R1

Description The issue allows remote authenticated users to execute arbitrary commands. This is due to a lack of parameter checking in the sajax handle client request function in the Sajax AJAX library. The rsargs parameter in an exec action can be exploited.

Recommendations For Junos versions prior to 10.4R13, update to version 10.4R13 or later. For Junos versions 11.4 before 11.4R7, update to version 11.4R7 or later. For Junos versions 12.1 before 12.1R5, update to version 12.1R5 or later. For Junos versions 12.2 before 12.2R3, update to version 12.2R3 or later. For Junos versions 12.3 before 12.3R1, update to version 12.3R1 or later. As a temporary workaround, consider restricting access to the jsdm/ajax/port.php endpoint until a patch is available. Avoid using the rsargs parameter in the affected API endpoint until the issue is resolved.