ID

VAR-201312-0247


CVE

CVE-2013-6958


TITLE

Juniper ScreenOS vulnerable to denial-of-service (DoS)

Trust: 0.8

sources: JVNDB: JVNDB-2013-000119

DESCRIPTION

Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet.

ScreenOS provided by Juniper Networks contains a denial-of-service (DoS) vulnerability. Shuichiro Suzuki of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership. When processing a malicious packet, the device may hang.

ScreenOS is prone to an unspecified denial-of-service vulnerability. Successful exploits may allow the attacker to cause denial-of-service conditions. ScreenOS 5.4, 6.2.0, and 6.3.0 are vulnerable.

Juniper ScreenOS is an operating system from Juniper Networks that runs on NetScreen series firewalls.

FFRI, Inc.

=== Reference ===
CVE No.: CVE-2013-6958 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6958
Mozilla Foundation Security Advisory: https://www.mozilla.org/security/announce/2013/mfsa2013-33.html
FFRI Advisory URL: http://www.ffri.jp/cgi-bin/advisory/advisory.cgi?type=release&id=FFRRA-20131213

=== About FFRI ===
FFRI is a leading security products and service vendor in Japan providing innovative security software and vulnerability research information. Our commitment is to secure our IT-driven society by protecting information systems from unpredictable threats.
http://www.ffri.jp
research-feedback@ffri.jp

=== Copyright ===
2007 - 2014 FFRI, Inc. All rights reserved

Trust: 2.07

sources: NVD: CVE-2013-6958 // JVNDB: JVNDB-2013-000119 // BID: 64260 // VULHUB: VHN-66960 // PACKETSTORM: 124903

AFFECTED PRODUCTS

vendor: juniper, model: screenos, scope: eq, version: 6.2.0

Trust: 1.6

vendor: juniper, model: screenos, scope: eq, version: 6.3.0

Trust: 1.6

vendor: juniper, model: screenos, scope: eq, version: 5.4.0

Trust: 1.6

vendor: juniper, model: netscreen-5400, scope: eq, version: -

Trust: 1.0

vendor: juniper, model: netscreen-5200, scope: eq, version: -

Trust: 1.0

vendor: juniper, model: screenos, scope: eq, version: version 5.4 (ns 5gt only)

Trust: 0.8

vendor: juniper, model: screenos, scope: eq, version: version 6.2

Trust: 0.8

vendor: juniper, model: screenos, scope: eq, version: version 6.3

Trust: 0.8

vendor: juniper, model: networks screenos, scope: eq, version: 5.4

Trust: 0.3

sources: BID: 64260 // JVNDB: JVNDB-2013-000119 // CNNVD: CNNVD-201312-308 // NVD: CVE-2013-6958

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6958
value: HIGH

Trust: 1.0

IPA: JVNDB-2013-000119
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201312-308
value: HIGH

Trust: 0.6

VULHUB: VHN-66960
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-6958
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2013-000119
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-66960
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-66960 // JVNDB: JVNDB-2013-000119 // CNNVD: CNNVD-201312-308 // NVD: CVE-2013-6958

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2013-6958

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-308

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201312-308

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-000119

PATCH

title: 2013-12 Security Bulletin: NetScreen Firewall: Crafted packet can cause denial of service (CVE-2013-6958)
url: http://kb.juniper.net/JSA10604

Trust: 0.8

sources: JVNDB: JVNDB-2013-000119

EXTERNAL IDS

db: NVD, id: CVE-2013-6958

Trust: 2.9

db: JVN, id: JVN28436508

Trust: 1.9

db: JVNDB, id: JVNDB-2013-000119

Trust: 1.9

db: OSVDB, id: 100861

Trust: 1.7

db: JUNIPER, id: JSA10604

Trust: 1.7

db: SECTRACK, id: 1029490

Trust: 1.1

db: CNNVD, id: CNNVD-201312-308

Trust: 0.7

db: SECUNIA, id: 56086

Trust: 0.6

db: SECUNIA, id: 56089

Trust: 0.6

db: BID, id: 64260

Trust: 0.4

db: PACKETSTORM, id: 124903

Trust: 0.2

db: SEEBUG, id: SSVID-61109

Trust: 0.1

db: VULHUB, id: VHN-66960

Trust: 0.1

sources: VULHUB: VHN-66960 // BID: 64260 // JVNDB: JVNDB-2013-000119 // PACKETSTORM: 124903 // CNNVD: CNNVD-201312-308 // NVD: CVE-2013-6958

REFERENCES

url:http://jvn.jp/en/jp/jvn28436508/index.html

Trust: 1.9

url:https://kb.juniper.net/jsa10604

Trust: 1.7

url:http://osvdb.org/100861

Trust: 1.7

url:http://jvndb.jvn.jp/ja/contents/2013/jvndb-2013-000119.html

Trust: 1.1

url:http://www.securitytracker.com/id/1029490

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6958

Trust: 0.9

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6958

Trust: 0.8

url:http://secunia.com/advisories/56086

Trust: 0.6

url:http://secunia.com/advisories/56089

Trust: 0.6

url:http://www.juniper.net/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-6958

Trust: 0.1

url:http://www.ffri.jp/cgi-bin/advisory/advisory.cgi?type=release&id=ffrra-20131213

Trust: 0.1

url:https://www.mozilla.org/security/announce/2013/mfsa2013-33.html

Trust: 0.1

url:http://www.ffri.jp

Trust: 0.1

sources: VULHUB: VHN-66960 // BID: 64260 // JVNDB: JVNDB-2013-000119 // PACKETSTORM: 124903 // CNNVD: CNNVD-201312-308 // NVD: CVE-2013-6958

CREDITS

Shuichiro Suzuki of FFRI, Inc

Trust: 0.3

sources: BID: 64260

SOURCES

db: VULHUB, id: VHN-66960
db: BID, id: 64260
db: JVNDB, id: JVNDB-2013-000119
db: PACKETSTORM, id: 124903
db: CNNVD, id: CNNVD-201312-308
db: NVD, id: CVE-2013-6958

LAST UPDATE DATE

2024-11-23T22:42:39.012000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-66960, date: 2014-01-04T00:00:00
db: BID, id: 64260, date: 2014-01-22T17:45:00
db: JVNDB, id: JVNDB-2013-000119, date: 2013-12-18T00:00:00
db: CNNVD, id: CNNVD-201312-308, date: 2013-12-17T00:00:00
db: NVD, id: CVE-2013-6958, date: 2024-11-21T02:00:03.410

SOURCES RELEASE DATE

db: VULHUB, id: VHN-66960, date: 2013-12-13T00:00:00
db: BID, id: 64260, date: 2013-12-12T00:00:00
db: JVNDB, id: JVNDB-2013-000119, date: 2013-12-13T00:00:00
db: PACKETSTORM, id: 124903, date: 2014-01-23T00:22:22
db: CNNVD, id: CNNVD-201312-308, date: 2013-12-17T00:00:00
db: NVD, id: CVE-2013-6958, date: 2013-12-13T18:07:54.437