Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Junos CSRF Protection Bypass Vulnerability in J-Web
Information
Severity
Severity
Medium
Family
Family
JunOS Local Security Checks
CVSSv2 Base
CVSSv2 Base
5.1
CVSSv2 Vector
CVSSv2 Vector
AV:N/AC:H/Au:N/C:P/I:P/A:P
Solution Type
Solution Type
Vendor Patch
Created
Created
10 years ago
Modified
Modified
5 years ago
Summary
A CSRF Protection bypass in J-Web allows an attacker to gain unauthorized access to the affected device.
Insight
Insight
A vulnerability in J-Web may allow remote attackers to bypass CSRF (Cross-Site Request Forgery) Protection in J-Web.
Affected Software
Affected Software
Platforms running Junos OS 10.4, 11.4, 12.1, 12.1X44, 12.2, 12.3, or 13.1.
Detection Method
Detection Method
Checks if a vulnerable OS build is present on the target host.
Solution
Solution
New builds of Junos OS software are available from Juniper. As a workaround disable J-Web or limit access to only trusted hosts.