Vulnerability Details : CVE-2013-6015
Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before 12.1R3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D15 on SRX Series services gateways, when a plugin using TCP proxy is configured, allows remote attackers to cause a denial of service (flow daemon crash) via an unspecified sequence of TCP packets.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2013-6015
- cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:5.6:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:5.7:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:6.1:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:6.2:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:6.3:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:5.5:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:6.4:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:8.3:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:8.4:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:8.1:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.1:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.1x44:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:4.1:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:4.2:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:4.3:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:4.4:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:9.6:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.1x45:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:9.1:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:9.4:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:9.2:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:9.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-6015
0.76%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 81 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-6015
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2013-6015
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6015
-
http://www.securitytracker.com/id/1029177
Juniper Junos SRX Series Gateway TCP Proxy Bug Lets Remote Users Deny Service - SecurityTracker
-
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10596
Juniper Networks - 2013-10 Security Bulletin: Junos: SRX flowd crash when processing a certain valid sequence of TCP packets (CVE-2013-6015)Vendor Advisory
Jump to