Juniper Junos J-Web Sajax Remote Code Execution (JSA10560)
Severity: High
Nessus Plugin ID: 71310

Synopsis: The remote device is missing a vendor-supplied security patch.

Description: According to its self-reported version number, the remote Junos device is affected by a remote code execution vulnerability due to a lack of validation when passing input from the 'rs' parameter to the '/jsdm/ajax/port.php' script. Authenticated users, when J-Web is enabled, can execute arbitrary commands with administrative privileges.

Solution: Apply the relevant Junos upgrade or the workaround referenced in Juniper advisory JSA10560.