Junos CSRF Protection Bypass Vulnerability in J-Web

Summary
A CSRF Protection bypass in J-Web allows an attacker to gain unauthorized access to the affected device.
Impact
An attacker can perform adimistrative actions such as creating new administrative accounts to gain complete control over the device.
Solution
New builds of Junos OS software are available from Juniper. As a workaround disable J-Web or limit access to only trusted hosts.
Insight
A vulnerability in J-Web may allow remote attackers to bypass CSRF (Cross-Site Request Forgery) Protection in J-Web.
Affected
Plattforms running Junos OS 10.4, 11.4, 12.1, 12.1X44, 12.2, 12.3, or 13.1.
Detection
Check the OS build.
References