CSRF Protection Bypass in Juniper Junos J-Web

CSRF Protection Bypass in Juniper Junos J-Web

CVE-2013-4689 · MEDIUM Severity

AV:N/AC:H/AU:N/C:P/I:P/A:P

J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R before 12.1R6, 12.1X44 before 12.1X44-D15, 12.1x45 before 12.1X45-D10, 12.2 before 12.2R3, 12.3 before 12.3R2, and 13.1 before 13.1R3 allow remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators for requests that (1) create new administrator accounts or (2) have other unspecified impacts.

Learn more about our Cis Benchmark Audit For Juniper.