Juniper NSM Remote Code Execution (JSA10625)

Critical Nessus Plugin ID 74140


The remote host is affected by a remote code execution vulnerability.


The remote host has one or more instances of NSM (Network and Security Manager) Server running, with version(s) prior to 2012.2R8. It is, therefore, affected by a remote code execution vulnerability in the NSM XDB service.


Upgrade to NSM version 2012.2R8 or later.

See Also

Plugin Details

Severity: Critical

ID: 74140

File Name: juniper_nsm_jsa10625.nasl

Version: $Revision: 1.6 $

Type: remote

Family: Misc.

Published: 2014/05/22

Modified: 2017/05/16

Dependencies: 69871, 69870

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:juniper:network_and_security_manager

Required KB Items: Juniper_NSM_VerDetected

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/04/09

Vulnerability Publication Date: 2014/05/14

Reference Information

CVE: CVE-2014-3411

BID: 67445

OSVDB: 106938