Vulnerability Description
J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X44-D15, 12.1x45 before 12.1X45-D10, 12.2 before 12.2R3, 12.3 before 12.3R2, and 13.1 before 13.1R3 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators for requests that (1) create new administrator accounts or (2) have other unspecified impacts.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Junos | <= 10.4 |
Related Weaknesses (CWE)
References
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10597 (Vendor Advisory)
- http://osvdb.org/98325
- http://secunia.com/advisories/55166 (Vendor Advisory)
- http://www.securityfocus.com/bid/62940
FAQ
What is CVE-2013-4689?
CVE-2013-4689 is a vulnerability with a CVSS score of 5.1 (MEDIUM). J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X44-D15, 12.1x45 before 12.1X45-D10, 12.2 before 12.2R3, 12.3 before 12.3R2, and 13.1 before 13.1R3 a...
How severe is CVE-2013-4689?
CVE-2013-4689 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-4689?
Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos.