Juniper NSM Remote Code Execution (JSA10625)

critical Nessus Plugin ID 74140

Synopsis

The remote host is affected by a remote code execution vulnerability.

Description

The remote host has one or more instances of NSM (Network and Security Manager) Server running, with version(s) prior to 2012.2R8. It is, therefore, affected by a remote code execution vulnerability in the NSM XDB service.

Solution

Upgrade to NSM version 2012.2R8 or later.

See Also

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10625

Plugin Details

Severity: Critical

ID: 74140

File Name: juniper_nsm_jsa10625.nasl

Version: 1.8

Type: remote

Family: Misc.

Published: 5/22/2014

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:juniper:network_and_security_manager

Required KB Items: Juniper_NSM_VerDetected

Exploit Ease: No known exploits are available

Patch Publication Date: 4/9/2014

Vulnerability Publication Date: 5/14/2014

Reference Information

CVE: CVE-2014-3411

BID: 67445