Juniper Junos J-Web Remote Code Execution (PSN-2013-04-914)
Severity: High
Nessus Plugin ID: 66512
Synopsis: The remote device is missing a vendor-supplied security patch.
Description: According to its self-reported version number, the remote Junos device has a remote code execution vulnerability. When J-Web is enabled, authenticated users can execute arbitrary commands. This could allow an unprivileged user (e.g., one with read-only access) to gain complete administrative access. A remote, authenticated attacker could exploit this to run arbitrary commands with administrative privileges.
Solution: Apply the relevant Junos upgrade referenced in Juniper advisory PSN-2013-04-914.