Vulnerability Details : CVE-2013-6014
Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when Proxy ARP is enabled on an unnumbered interface, allows remote attackers to perform ARP poisoning attacks and possibly obtain sensitive information via a crafted ARP message.
Vulnerability category: Information leak
Products affected by CVE-2013-6014
- cpe:2.3:o:juniper:junos:10.4:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.1:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.1x44:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.2:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.3:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:11.4x27:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.1x45:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:13.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-6014
0.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 59 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-6014
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.1
|
MEDIUM | AV:A/AC:L/Au:N/C:N/I:C/A:N |
6.5
|
6.9
|
NIST | |
9.3
|
CRITICAL | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H |
2.8
|
5.8
|
NIST |
CWE ids for CVE-2013-6014
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6014
-
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10595
Juniper Networks - 2013-10 Security Bulletin: Junos: Security issue with Proxy ARP enabled on unnumbered interface (CVE-2013-6014)Vendor Advisory
Jump to