A CSRF Protection bypass in J-Web allows an attacker to gain unauthorized access to the affected device.

An attacker can perform adimistrative actions such as creating new administrative accounts to gain complete control over the device.

New builds of Junos OS software are available from Juniper. As a workaround disable J-Web or limit access to only trusted hosts.

A vulnerability in J-Web may allow remote attackers to bypass CSRF (Cross-Site Request Forgery) Protection in J-Web.

Plattforms running Junos OS 10.4, 11.4, 12.1, 12.1X44, 12.2, 12.3, or 13.1.

Check the OS build.

• http://kb.juniper.net/JSA10597
• http://www.securityfocus.com/bid/62940

---

Updated on 2015-03-25