Junos J-Web Sajax Remote Code Execution Vulnerability

Summary
Remote Code Execution on J-Web
Impact
A user with low privileges (such as read-only access) may gain complete administrative access. The vulnerability can be exploited only by users with valid, authenticated login credentials.
Solution
New builds of Junos OS software are available from Juniper. As a workaround, disable J-Web.
Insight
Juniper Junos could allow a remote authenticated attacker to execute arbitrary commands on the system because access to /jsdm/ajax/port.php is not restricted. If J-Web is enabled, an attacker could send specially crafted data to execute arbitrary OS commands on the system with root privileges.
Affected
Junos OS 10.4, 11.4, 12.1, 12.2 and 12.3.
Detection
Check the OS build.
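The following triage sketch is an added example, not part of the original advisory or any Juniper tooling. It combines the two conditions stated above (a listed release train and J-Web being enabled) for an inventory of devices. It assumes the version string and the set-format configuration have already been collected; the function names are hypothetical. Fixed build numbers are not given on this page, so a device in a listed train still needs its build compared against Juniper's advisory.

```python
import re

# Release trains the advisory lists as affected.
AFFECTED_TRAINS = {"10.4", "11.4", "12.1", "12.2", "12.3"}
JWEB_STANZA = "system services web-management"


def release_train(version):
    """Return 'major.minor' from a Junos version such as '12.1R5.5' or '12.1X44-D10'."""
    m = re.match(r"(\d+\.\d+)(?=[A-Za-z]|$)", version.strip())
    return m.group(1) if m else None


def jweb_enabled(set_config):
    """True if the set-format config has an active web-management stanza."""
    lines = [line.strip() for line in set_config.splitlines()]
    if "deactivate " + JWEB_STANZA in lines:
        return False  # whole stanza deactivated
    prefix = "set " + JWEB_STANZA
    return any(l == prefix or l.startswith(prefix + " ") for l in lines)


def triage(version, set_config):
    """Classify one device; an affected train still needs a build comparison."""
    train = release_train(version)
    if train is None:
        return "unknown-version"
    if train not in AFFECTED_TRAINS:
        return "train-not-listed"
    if jweb_enabled(set_config):
        return "affected-train-jweb-enabled"
    return "affected-train-jweb-disabled"


# Constructed sample inputs (not taken from a real device).
SAMPLE_JWEB_ON = """\
set system services ssh
set system services web-management http interface ge-0/0/0.0
"""
SAMPLE_JWEB_OFF = "set system services ssh\n"

if __name__ == "__main__":
    for ver, cfg in [("12.1R5.5", SAMPLE_JWEB_ON), ("11.4R7.5", SAMPLE_JWEB_OFF),
                     ("13.2R1.7", SAMPLE_JWEB_ON)]:
        print(ver, triage(ver, cfg))
```

Devices reported as affected-train-jweb-enabled are the ones to prioritise for the upgrade or the J-Web workaround.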