Sign-up

ID

VAR-201307-0478


CVE

CVE-2013-4688


TITLE

Juniper Networks SRX Runs on the device Junos of flowd Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-003335

DESCRIPTION

flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MSRPC Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted MSRPC requests, aka PR 772834. Vendors have confirmed this vulnerability PR 772834 It is released as.Skillfully crafted by a third party MSRPC Service disruption via request ( Daemon crash ) There is a possibility of being put into a state. Juniper Networks Junos is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue will result in denial-of-service conditions. Juniper Networks Junos 10.4 is vulnerable; other versions may also be affected. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in flowd (the Flow daemon) in Juniper Junos 10.4 releases prior to 10.4R11 on SRX Series Server Gateway devices

Trust: 1.98

sources: NVD: CVE-2013-4688 // JVNDB: JVNDB-2013-003335 // BID: 61124 // VULHUB: VHN-64690

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:10.4

Trust: 1.9

vendor:junipermodel:srx3600scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx100scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx240scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx550scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx210scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx1400scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx110scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx3400scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx650scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx220scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx5800scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx5600scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx210scope: - version: -

Trust: 0.8

vendor:junipermodel:srx240scope: - version: -

Trust: 0.8

vendor:junipermodel:srx5800scope: - version: -

Trust: 0.8

vendor:junipermodel:srx650scope: - version: -

Trust: 0.8

vendor:junipermodel:srx1400scope: - version: -

Trust: 0.8

vendor:junipermodel:srx100scope: - version: -

Trust: 0.8

vendor:junipermodel:srx3400scope: - version: -

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:10.4

Trust: 0.8

vendor:junipermodel:srx220scope: - version: -

Trust: 0.8

vendor:junipermodel:srx5600scope: - version: -

Trust: 0.8

vendor:junipermodel:srx3600scope: - version: -

Trust: 0.8

vendor:junipermodel:srx110scope: - version: -

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:10.4r11

Trust: 0.8

vendor:junipermodel:srx550scope: - version: -

Trust: 0.8

vendor:junipermodel:srx650scope:eqversion:0

Trust: 0.3

vendor:junipermodel:srx5800scope:eqversion:0

Trust: 0.3

vendor:junipermodel:srx5600scope:eqversion:0

Trust: 0.3

vendor:junipermodel:srx550scope:eqversion:0

Trust: 0.3

vendor:junipermodel:srx3600scope:eqversion:0

Trust: 0.3

vendor:junipermodel:srx3400scope:eqversion:0

Trust: 0.3

vendor:junipermodel:srx240scope:eqversion:0

Trust: 0.3

vendor:junipermodel:srx220scope:eqversion:0

Trust: 0.3

vendor:junipermodel:srx210scope:eqversion:0

Trust: 0.3

vendor:junipermodel:srx1400scope:eqversion:0

Trust: 0.3

vendor:junipermodel:srx110scope:eqversion:0

Trust: 0.3

vendor:junipermodel:srx100scope:eqversion:0

Trust: 0.3

vendor:junipermodel:junos 10.4r11scope:neversion: -

Trust: 0.3

sources: BID: 61124 // JVNDB: JVNDB-2013-003335 // CNNVD: CNNVD-201307-232 // NVD: CVE-2013-4688

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-4688
value: HIGH

Trust: 1.0

NVD: CVE-2013-4688
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201307-232
value: HIGH

Trust: 0.6

VULHUB: VHN-64690
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-4688
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-64690
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-64690 // JVNDB: JVNDB-2013-003335 // CNNVD: CNNVD-201307-232 // NVD: CVE-2013-4688

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2013-4688

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-232

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201307-232

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003335

PATCH
title:JSA10578url:http://kb.juniper.net/JSA10578
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-003335

EXTERNAL IDS
db:NVDid:CVE-2013-4688
Trust: 2.8
db:JUNIPERid:JSA10578
Trust: 2.0
db:BIDid:61124
Trust: 1.4
db:JVNDBid:JVNDB-2013-003335
Trust: 0.8
db:CNNVDid:CNNVD-201307-232
Trust: 0.7
db:VULHUBid:VHN-64690
Trust: 0.1
sources:
            
            
            VULHUB: VHN-64690 // 
            
            
            
            BID: 61124 // 
            
            
            
            JVNDB: JVNDB-2013-003335 // 
            
            
            
            CNNVD: CNNVD-201307-232 // 
            
            
            
            NVD: CVE-2013-4688

REFERENCES
url:http://kb.juniper.net/jsa10578
Trust: 1.7
url:http://www.securityfocus.com/bid/61124
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4688
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4688
Trust: 0.8
url:http://www.juniper.net/
Trust: 0.3
url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10578
Trust: 0.3
sources:
            
            
            VULHUB: VHN-64690 // 
            
            
            
            BID: 61124 // 
            
            
            
            JVNDB: JVNDB-2013-003335 // 
            
            
            
            CNNVD: CNNVD-201307-232 // 
            
            
            
            NVD: CVE-2013-4688

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 61124

SOURCES
db:VULHUBid:VHN-64690
db:BIDid:61124
db:JVNDBid:JVNDB-2013-003335
db:CNNVDid:CNNVD-201307-232
db:NVDid:CVE-2013-4688

LAST UPDATE DATE
2024-11-23T22:23:13.791000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-64690date:2013-08-22T00:00:00
db:BIDid:61124date:2013-07-11T00:00:00
db:JVNDBid:JVNDB-2013-003335date:2013-07-16T00:00:00
db:CNNVDid:CNNVD-201307-232date:2013-07-19T00:00:00
db:NVDid:CVE-2013-4688date:2024-11-21T01:56:04.120

SOURCES RELEASE DATE
db:VULHUBid:VHN-64690date:2013-07-11T00:00:00
db:BIDid:61124date:2013-07-11T00:00:00
db:JVNDBid:JVNDB-2013-003335date:2013-07-16T00:00:00
db:CNNVDid:CNNVD-201307-232date:2013-07-12T00:00:00
db:NVDid:CVE-2013-4688date:2013-07-11T14:55:01.403