Vulnerability Details : CVE-2013-6013
Buffer overflow in the flow daemon (flowd) in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7-S2, 12.1.X44 before 12.1X44-D15, 12.1X45 before 12.1X45-D10 on SRX devices, when using telnet pass-through authentication on the firewall, might allow remote attackers to execute arbitrary code via a crafted telnet message.
Vulnerability category: OverflowExecute code
Products affected by CVE-2013-6013
- cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:5.6:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:5.7:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:6.1:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:6.2:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:6.3:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:5.5:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:6.4:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:8.3:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:8.4:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:8.1:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.1x44:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:4.1:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:4.2:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:4.3:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:4.4:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:9.6:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.1x45:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:9.1:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:9.4:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:9.2:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:9.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-6013
10.96%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 94 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-6013
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2013-6013
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6013
-
http://www.securitytracker.com/id/1029175
Juniper Junos SRX Series Gateway Buffer Overflow in Telnet Firewall Lets Remote Users Execute Arbitrary Code - SecurityTracker
-
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10594
Juniper Networks - 2013-10 Security Bulletin: Junos: SRX flowd core due to buffer overflow while processing telnet protocol (CVE-2013-6013)Vendor Advisory
-
http://www.securityfocus.com/bid/62962
Juniper Networks Junos Telnet Messages Remote Buffer Overflow Vulnerability
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/87847
Juniper Junos Flow Daemon buffer overflow CVE-2013-6013 Vulnerability Report
Jump to