Details of VAR-201310-0398

ID

VAR-201310-0398

CVE

CVE-2013-6015

TITLE

Juniper Networks SRX Runs on the series service gateway Junos Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-004806

DESCRIPTION

Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before 12.1R3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D15 on SRX Series services gateways, when a plugin using TCP proxy is configured, allows remote attackers to cause a denial of service (flow daemon crash) via an unspecified sequence of TCP packets. Juniper Networks Junos is prone to a remote denial-of-service vulnerability. Exploiting this issue may allow remote attackers to trigger denial-of-service conditions. Note: To exploit this issue, attackers require a plugin (e.g. ALGs, UTM) configured to use a TCP proxy. The operating system provides a secure programming interface and Junos SDK. A denial of service vulnerability exists in Juniper Junos running on SRX Series Services Gateway devices. The following versions are affected: Junos 10.4 and earlier, 11.4, 12.1, 12.1X44, 12.1X45

Trust: 1.98

sources: NVD: CVE-2013-6015 // JVNDB: JVNDB-2013-004806 // BID: 62963 // VULHUB: VHN-66017

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	9.4	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	9.0	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	8.2	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	8.3	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	9.1	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	9.5	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	9.2	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	8.4	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	9.6	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x45	Trust: 1.3
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x44	Trust: 1.3
vendor:	juniper	model:	junos	scope:	eq	version:	12.1	Trust: 1.3
vendor:	juniper	model:	junos	scope:	eq	version:	11.4	Trust: 1.3
vendor:	juniper	model:	junos	scope:	eq	version:	4.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	6.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	4.0	Trust: 1.0
vendor:	juniper	model:	junos	scope:	lte	version:	10.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	4.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	5.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	6.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	5.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	5.0	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	7.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	8.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	5.7	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	7.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	8.0	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	4.3	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	5.5	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	5.6	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	6.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	5.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	4.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	6.2	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	6.0	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	7.4	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	7.6	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	7.5	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	7.0	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	5.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	7.1	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	10.4	Trust: 0.9
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x44	Trust: 0.8
vendor:	juniper	model:	srx3400	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	11.4r5-s2	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1x44-d20	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	11.4	Trust: 0.8
vendor:	juniper	model:	srx210	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	srx650	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	srx550	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1r3	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1x45-d15	Trust: 0.8
vendor:	juniper	model:	srx5800	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x45	Trust: 0.8
vendor:	juniper	model:	srx100	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	srx220	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	srx5600	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	srx110	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	srx240	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1r	Trust: 0.8
vendor:	juniper	model:	srx1400	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	srx3600	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	srx650	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	srx5800	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	srx5600	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	srx3600	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	srx3400	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	srx240	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	srx210	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	srx100	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	junos 12.1x45-d15	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d20	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1r3	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r6.6	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r5-s2	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 10.4s14	scope:	ne	version:	-	Trust: 0.3

sources: BID: 62963 // JVNDB: JVNDB-2013-004806 // CNNVD: CNNVD-201310-258 // NVD: CVE-2013-6015

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-6015
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-6015
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201310-258
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-66017
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-6015
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-66017
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-66017 // JVNDB: JVNDB-2013-004806 // CNNVD: CNNVD-201310-258 // NVD: CVE-2013-6015

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-66017 // JVNDB: JVNDB-2013-004806 // NVD: CVE-2013-6015

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-258

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201310-258

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004806

PATCH

title:

JSA10596

url:

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10596

Trust: 0.8

sources: JVNDB: JVNDB-2013-004806

EXTERNAL IDS

db:	NVD	id:	CVE-2013-6015	Trust: 2.8
db:	JUNIPER	id:	JSA10596	Trust: 2.0
db:	SECUNIA	id:	55218	Trust: 1.7
db:	SECTRACK	id:	1029177	Trust: 1.1
db:	OSVDB	id:	98368	Trust: 1.1
db:	BID	id:	62963	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-004806	Trust: 0.8
db:	CNNVD	id:	CNNVD-201310-258	Trust: 0.7
db:	VULHUB	id:	VHN-66017	Trust: 0.1

sources: VULHUB: VHN-66017 // BID: 62963 // JVNDB: JVNDB-2013-004806 // CNNVD: CNNVD-201310-258 // NVD: CVE-2013-6015

REFERENCES

url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10596	Trust: 1.9
url:	http://secunia.com/advisories/55218	Trust: 1.7
url:	http://osvdb.org/98368	Trust: 1.1
url:	http://www.securitytracker.com/id/1029177	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6015	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6015	Trust: 0.8
url:	http://www.securityfocus.com/bid/62963	Trust: 0.6
url:	http://www.juniper.net/	Trust: 0.3
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10596	Trust: 0.1

sources: VULHUB: VHN-66017 // BID: 62963 // JVNDB: JVNDB-2013-004806 // CNNVD: CNNVD-201310-258 // NVD: CVE-2013-6015

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 62963

SOURCES

db:	VULHUB	id:	VHN-66017
db:	BID	id:	62963
db:	JVNDB	id:	JVNDB-2013-004806
db:	CNNVD	id:	CNNVD-201310-258
db:	NVD	id:	CVE-2013-6015

LAST UPDATE DATE

2024-11-23T22:08:29.149000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-66017	date:	2016-10-07T00:00:00
db:	BID	id:	62963	date:	2013-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2013-004806	date:	2013-10-22T00:00:00
db:	CNNVD	id:	CNNVD-201310-258	date:	2013-10-21T00:00:00
db:	NVD	id:	CVE-2013-6015	date:	2024-11-21T01:58:37.577

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-66017	date:	2013-10-17T00:00:00
db:	BID	id:	62963	date:	2013-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2013-004806	date:	2013-10-22T00:00:00
db:	CNNVD	id:	CNNVD-201310-258	date:	2013-10-17T00:00:00
db:	NVD	id:	CVE-2013-6015	date:	2013-10-17T23:55:04.673