Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Security)  >   Juniper NSM Vendors:   Juniper, NetScreen
Juniper NSM XDB Service Flaw Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1030253
SecurityTracker URL:
CVE Reference:   CVE-2014-3411   (Links to External Site)
Date:  May 16 2014
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): NSM3000, NSMXpress; software prior to 2012.2R8
Description:   A vulnerability was reported in Juniper NSM. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted data to trigger a flaw in the XDB service and execute arbitrary code on the target system. The code will run with root privileges.

This can be exploited to gain access to devices managed by the target NSM.

The vendor has assigned PR 965082 to this vulnerability.

The NSM3000 and NSMXpress are affected.

An anonymous user (via HP's Zero Day Initiative) reported this vulnerability.

Impact:   A remote user can execute arbitrary code with root privileges on the target system.
Solution:   The vendor has issued a fix (2012.2R8).

The vendor's advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Not specified
Underlying OS:  Linux (Red Hat Enterprise), UNIX (Solaris - SunOS)

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, LLC