ID

VAR-201307-0475


CVE

CVE-2013-4685


TITLE

Buffer overflow vulnerability in flowd of Junos running on Juniper Networks SRX devices

Trust: 0.8

sources: JVNDB: JVNDB-2013-003332

DESCRIPTION

Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute arbitrary code via crafted HTTP requests, aka PR 849100. The vendor has published this vulnerability as PR 849100. A third party may execute arbitrary code via a crafted HTTP request. Juniper Networks Junos is prone to a remote buffer-overflow vulnerability. Attackers may leverage this issue to execute arbitrary code in the context of the affected device. Failed exploit attempts may result in a denial-of-service condition. The operating system provides a secure programming interface and Junos SDK. A buffer overflow vulnerability exists in flowd (Flow Daemon) in Juniper Junos 10.4 releases prior to 10.4S14, 11.4 releases prior to 11.4R7, 12.1 releases prior to 12.1R6, and 12.1X44 releases prior to 12.1X44-D15 on SRX Series Server Gateway devices.

Trust: 1.98

sources: NVD: CVE-2013-4685 // JVNDB: JVNDB-2013-003332 // BID: 61125 // VULHUB: VHN-64687

AFFECTED PRODUCTS

vendor: juniper // model: junos // scope: eq // version: 12.1x44

Trust: 1.9

vendor: juniper // model: junos // scope: eq // version: 12.1

Trust: 1.9

vendor: juniper // model: junos // scope: eq // version: 11.4

Trust: 1.9

vendor: juniper // model: junos // scope: eq // version: 10.4

Trust: 1.9

vendor: juniper // model: srx3600 // scope: eq // version: -

Trust: 1.0

vendor: juniper // model: srx100 // scope: eq // version: -

Trust: 1.0

vendor: juniper // model: srx240 // scope: eq // version: -

Trust: 1.0

vendor: juniper // model: srx550 // scope: eq // version: -

Trust: 1.0

vendor: juniper // model: srx210 // scope: eq // version: -

Trust: 1.0

vendor: juniper // model: srx110 // scope: eq // version: -

Trust: 1.0

vendor: juniper // model: srx1400 // scope: eq // version: -

Trust: 1.0

vendor: juniper // model: srx3400 // scope: eq // version: -

Trust: 1.0

vendor: juniper // model: srx650 // scope: eq // version: -

Trust: 1.0

vendor: juniper // model: srx220 // scope: eq // version: -

Trust: 1.0

vendor: juniper // model: srx5800 // scope: eq // version: -

Trust: 1.0

vendor: juniper // model: srx5600 // scope: eq // version: -

Trust: 1.0

vendor: juniper // model: junos os // scope: lt // version: 12.1x44

Trust: 0.8

vendor: juniper // model: junos os // scope: lt // version: 10.4

Trust: 0.8

vendor: juniper // model: srx3400 // scope: - // version: -

Trust: 0.8

vendor: juniper // model: junos os // scope: lt // version: 11.4

Trust: 0.8

vendor: juniper // model: srx210 // scope: - // version: -

Trust: 0.8

vendor: juniper // model: srx650 // scope: - // version: -

Trust: 0.8

vendor: juniper // model: junos os // scope: eq // version: 11.4r7

Trust: 0.8

vendor: juniper // model: srx550 // scope: - // version: -

Trust: 0.8

vendor: juniper // model: srx5800 // scope: - // version: -

Trust: 0.8

vendor: juniper // model: srx100 // scope: - // version: -

Trust: 0.8

vendor: juniper // model: junos os // scope: eq // version: 12.1r6

Trust: 0.8

vendor: juniper // model: junos os // scope: eq // version: 12.1x44-d15

Trust: 0.8

vendor: juniper // model: srx220 // scope: - // version: -

Trust: 0.8

vendor: juniper // model: junos os // scope: eq // version: 10.4s14

Trust: 0.8

vendor: juniper // model: srx5600 // scope: - // version: -

Trust: 0.8

vendor: juniper // model: srx110 // scope: - // version: -

Trust: 0.8

vendor: juniper // model: srx240 // scope: - // version: -

Trust: 0.8

vendor: juniper // model: srx1400 // scope: - // version: -

Trust: 0.8

vendor: juniper // model: junos os // scope: lt // version: 12.1

Trust: 0.8

vendor: juniper // model: srx3600 // scope: - // version: -

Trust: 0.8

vendor: juniper // model: srx650 // scope: eq // version: 0

Trust: 0.3

vendor: juniper // model: srx5800 // scope: eq // version: 0

Trust: 0.3

vendor: juniper // model: srx5600 // scope: eq // version: 0

Trust: 0.3

vendor: juniper // model: srx550 // scope: eq // version: 0

Trust: 0.3

vendor: juniper // model: srx3600 // scope: eq // version: 0

Trust: 0.3

vendor: juniper // model: srx3400 // scope: eq // version: 0

Trust: 0.3

vendor: juniper // model: srx240 // scope: eq // version: 0

Trust: 0.3

vendor: juniper // model: srx220 // scope: eq // version: 0

Trust: 0.3

vendor: juniper // model: srx210 // scope: eq // version: 0

Trust: 0.3

vendor: juniper // model: srx1400 // scope: eq // version: 0

Trust: 0.3

vendor: juniper // model: srx110 // scope: eq // version: 0

Trust: 0.3

vendor: juniper // model: srx100 // scope: eq // version: 0

Trust: 0.3

vendor: juniper // model: junos 12.1x44-d15 // scope: ne // version: -

Trust: 0.3

vendor: juniper // model: junos 12.1r6 // scope: ne // version: -

Trust: 0.3

vendor: juniper // model: junos 11.4r7 // scope: ne // version: -

Trust: 0.3

vendor: juniper // model: junos 10.4s14 // scope: ne // version: -

Trust: 0.3

sources: BID: 61125 // JVNDB: JVNDB-2013-003332 // CNNVD: CNNVD-201307-229 // NVD: CVE-2013-4685

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-4685
value: HIGH

Trust: 1.0

NVD: CVE-2013-4685
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201307-229
value: CRITICAL

Trust: 0.6

VULHUB: VHN-64687
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-4685
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-64687
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-64687 // JVNDB: JVNDB-2013-003332 // CNNVD: CNNVD-201307-229 // NVD: CVE-2013-4685

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-64687 // JVNDB: JVNDB-2013-003332 // NVD: CVE-2013-4685

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-229

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201307-229

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003332

PATCH

title: JSA10574 // url: http://kb.juniper.net/JSA10574

Trust: 0.8

sources: JVNDB: JVNDB-2013-003332

EXTERNAL IDS

db: NVD // id: CVE-2013-4685

Trust: 2.8

db: JUNIPER // id: JSA10574

Trust: 2.0

db: BID // id: 61125

Trust: 1.4

db: OSVDB // id: 95108

Trust: 1.1

db: JVNDB // id: JVNDB-2013-003332

Trust: 0.8

db: CNNVD // id: CNNVD-201307-229

Trust: 0.7

db: VULHUB // id: VHN-64687

Trust: 0.1

sources: VULHUB: VHN-64687 // BID: 61125 // JVNDB: JVNDB-2013-003332 // CNNVD: CNNVD-201307-229 // NVD: CVE-2013-4685

REFERENCES

url:http://kb.juniper.net/jsa10574

Trust: 1.7

url:http://www.securityfocus.com/bid/61125

Trust: 1.1

url:http://osvdb.org/95108

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4685

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4685

Trust: 0.8

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10574

Trust: 0.3

url:http://www.juniper.net/

Trust: 0.3

sources: VULHUB: VHN-64687 // BID: 61125 // JVNDB: JVNDB-2013-003332 // CNNVD: CNNVD-201307-229 // NVD: CVE-2013-4685

CREDITS

The vendor reported this issue

Trust: 0.3

sources: BID: 61125

SOURCES

db: VULHUB // id: VHN-64687
db: BID // id: 61125
db: JVNDB // id: JVNDB-2013-003332
db: CNNVD // id: CNNVD-201307-229
db: NVD // id: CVE-2013-4685

LAST UPDATE DATE

2024-11-23T22:59:47.095000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-64687 // date: 2013-08-22T00:00:00
db: BID // id: 61125 // date: 2013-07-11T00:00:00
db: JVNDB // id: JVNDB-2013-003332 // date: 2013-07-16T00:00:00
db: CNNVD // id: CNNVD-201307-229 // date: 2013-07-19T00:00:00
db: NVD // id: CVE-2013-4685 // date: 2024-11-21T01:56:03.703

SOURCES RELEASE DATE

db: VULHUB // id: VHN-64687 // date: 2013-07-11T00:00:00
db: BID // id: 61125 // date: 2013-07-11T00:00:00
db: JVNDB // id: JVNDB-2013-003332 // date: 2013-07-16T00:00:00
db: CNNVD // id: CNNVD-201307-229 // date: 2013-07-12T00:00:00
db: NVD // id: CVE-2013-4685 // date: 2013-07-11T14:55:01.350