V-220: Juniper Security Threat Response Manager Lets Remote Authenticated Users Execute Arbitrary Commands

August 17, 2013 - 4:01am

PROBLEM:

 A remote authenticated user can execute arbitrary commands on the target system.

PLATFORM:

2010.0, 2012.0, 2012.1, 2013.1

ABSTRACT:

A vulnerability was reported in Juniper Security Threat Response Manager (STRM).

REFERENCE LINKS:

SecurityTracker Alert ID: 1028921
CVE-2013-2970

IMPACT ASSESSMENT:

High

DISCUSSION:

A remote authenticated user can inject arbitrary operating system commands, which are executed with the privileges of the target web service. This can be exploited to gain shell access on the target device.

IMPACT:

Execution of arbitrary code via network, User access via network

SOLUTION:

The vendor has issued a fix (2013.2.R2).   
 
