Vulnerability CVE-2013-4685


Published: 2013-07-11   Modified: 2013-07-13

Description:
Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute arbitrary code via crafted HTTP requests, aka PR 849100.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Juniper -> Srx100 
Juniper -> Srx110 
Juniper -> Srx1400 
Juniper -> Srx210 
Juniper -> Srx220 
Juniper -> Srx240 
Juniper -> Srx3400 
Juniper -> Srx3600 
Juniper -> Srx550 
Juniper -> Srx5600 
Juniper -> Srx5800 
Juniper -> Srx650 
Juniper -> Junos 

 References:
http://kb.juniper.net/JSA10574

Copyright 2021, cxsecurity.com

 

Back to Top