Sign-up

ID

VAR-201307-0474


CVE

CVE-2013-4684


TITLE

Juniper Networks SRX Runs on the device Junos of flowd Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-003331

DESCRIPTION

flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R8, 12.1 before 12.1R7, and 12.1X44 before 12.1X44-D15 on SRX devices, when PIM and NAT are enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted PIM packets, aka PR 842253. Juniper Networks Junos is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue will result in denial-of-service conditions. The operating system provides a secure programming interface and Junos SDK. Denial of service exists in flowd (Flow Daemon) in Juniper Junos 10.4 releases prior to 10.4S14, 11.4 releases prior to 11.4R8, 12.1 releases prior to 12.1R7, and 12.1X44 releases prior to 12.1X44-D15 on SRX Series Server Gateway devices loophole

Trust: 1.98

sources: NVD: CVE-2013-4684 // JVNDB: JVNDB-2013-003331 // BID: 61127 // VULHUB: VHN-64686

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:12.1x44

Trust: 1.9

vendor:junipermodel:junosscope:eqversion:12.1

Trust: 1.9

vendor:junipermodel:junosscope:eqversion:11.4

Trust: 1.9

vendor:junipermodel:junosscope:eqversion:10.4

Trust: 1.9

vendor:junipermodel:srx3600scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx100scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx240scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx550scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx210scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx110scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx1400scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx3400scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx650scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx220scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx5800scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx5600scope:eqversion: -

Trust: 1.0

vendor:junipermodel:junos osscope:ltversion:12.1x44

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:10.4

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:11.4r8

Trust: 0.8

vendor:junipermodel:srx3400scope: - version: -

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:11.4

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.1r7

Trust: 0.8

vendor:junipermodel:srx210scope: - version: -

Trust: 0.8

vendor:junipermodel:srx650scope: - version: -

Trust: 0.8

vendor:junipermodel:srx550scope: - version: -

Trust: 0.8

vendor:junipermodel:srx5800scope: - version: -

Trust: 0.8

vendor:junipermodel:srx100scope: - version: -

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.1x44-d15

Trust: 0.8

vendor:junipermodel:srx220scope: - version: -

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:10.4s14

Trust: 0.8

vendor:junipermodel:srx5600scope: - version: -

Trust: 0.8

vendor:junipermodel:srx110scope: - version: -

Trust: 0.8

vendor:junipermodel:srx240scope: - version: -

Trust: 0.8

vendor:junipermodel:srx1400scope: - version: -

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.1

Trust: 0.8

vendor:junipermodel:srx3600scope: - version: -

Trust: 0.8

vendor:junipermodel:srx650scope:eqversion:0

Trust: 0.3

vendor:junipermodel:srx5800scope:eqversion:0

Trust: 0.3

vendor:junipermodel:srx5600scope:eqversion:0

Trust: 0.3

vendor:junipermodel:srx550scope:eqversion:0

Trust: 0.3

vendor:junipermodel:srx3600scope:eqversion:0

Trust: 0.3

vendor:junipermodel:srx3400scope:eqversion:0

Trust: 0.3

vendor:junipermodel:srx240scope:eqversion:0

Trust: 0.3

vendor:junipermodel:srx220scope:eqversion:0

Trust: 0.3

vendor:junipermodel:srx210scope:eqversion:0

Trust: 0.3

vendor:junipermodel:srx1400scope:eqversion:0

Trust: 0.3

vendor:junipermodel:srx110scope:eqversion:0

Trust: 0.3

vendor:junipermodel:srx100scope:eqversion:0

Trust: 0.3

vendor:junipermodel:junos 11.4r7-s1scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 11.4r7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 11.4r6.6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 11.4r6-s2scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 11.4r5.5scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 11.4r3.7scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 10.4s13scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 10.4r6scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 10.4r14scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 10.4r11scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d15scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.1r7scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 11.4r8scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 10.4s14scope:neversion: -

Trust: 0.3

sources: BID: 61127 // JVNDB: JVNDB-2013-003331 // CNNVD: CNNVD-201307-228 // NVD: CVE-2013-4684

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-4684
value: HIGH

Trust: 1.0

NVD: CVE-2013-4684
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201307-228
value: HIGH

Trust: 0.6

VULHUB: VHN-64686
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-4684
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-64686
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-64686 // JVNDB: JVNDB-2013-003331 // CNNVD: CNNVD-201307-228 // NVD: CVE-2013-4684

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2013-4684

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-228

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201307-228

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003331

PATCH
title:JSA10573url:http://kb.juniper.net/JSA10573
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-003331

EXTERNAL IDS
db:NVDid:CVE-2013-4684
Trust: 2.8
db:JUNIPERid:JSA10573
Trust: 2.0
db:BIDid:61127
Trust: 1.4
db:SECUNIAid:54157
Trust: 1.1
db:OSVDBid:95107
Trust: 1.1
db:JVNDBid:JVNDB-2013-003331
Trust: 0.8
db:CNNVDid:CNNVD-201307-228
Trust: 0.7
db:VULHUBid:VHN-64686
Trust: 0.1
sources:
            
            
            VULHUB: VHN-64686 // 
            
            
            
            BID: 61127 // 
            
            
            
            JVNDB: JVNDB-2013-003331 // 
            
            
            
            CNNVD: CNNVD-201307-228 // 
            
            
            
            NVD: CVE-2013-4684

REFERENCES
url:http://kb.juniper.net/jsa10573
Trust: 1.7
url:http://www.securityfocus.com/bid/61127
Trust: 1.1
url:http://osvdb.org/95107
Trust: 1.1
url:http://secunia.com/advisories/54157
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4684
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4684
Trust: 0.8
url:http://www.juniper.net/
Trust: 0.3
url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10573
Trust: 0.3
sources:
            
            
            VULHUB: VHN-64686 // 
            
            
            
            BID: 61127 // 
            
            
            
            JVNDB: JVNDB-2013-003331 // 
            
            
            
            CNNVD: CNNVD-201307-228 // 
            
            
            
            NVD: CVE-2013-4684

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 61127

SOURCES
db:VULHUBid:VHN-64686
db:BIDid:61127
db:JVNDBid:JVNDB-2013-003331
db:CNNVDid:CNNVD-201307-228
db:NVDid:CVE-2013-4684

LAST UPDATE DATE
2024-11-23T23:02:52.019000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-64686date:2013-08-22T00:00:00
db:BIDid:61127date:2013-07-11T00:00:00
db:JVNDBid:JVNDB-2013-003331date:2013-07-16T00:00:00
db:CNNVDid:CNNVD-201307-228date:2013-07-12T00:00:00
db:NVDid:CVE-2013-4684date:2024-11-21T01:56:03.557

SOURCES RELEASE DATE
db:VULHUBid:VHN-64686date:2013-07-11T00:00:00
db:BIDid:61127date:2013-07-11T00:00:00
db:JVNDBid:JVNDB-2013-003331date:2013-07-16T00:00:00
db:CNNVDid:CNNVD-201307-228date:2013-07-12T00:00:00
db:NVDid:CVE-2013-4684date:2013-07-11T14:55:01.310