Vulnerability Details : CVE-2013-6170
Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before 11.1R5, 11.2 before 11.2R2, and 11.4 before 11.4R1, when in a Next-Generation Multicast VPN (NGEN MVPN) environment, allows remote attackers to cause a denial of service (RPD routing daemon crash) via a large number of crafted PIM (S,G) join requests.
Vulnerability category: Denial of service
Products affected by CVE-2013-6170
- cpe:2.3:o:juniper:junos:10.4:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:11.2:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:11.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-6170
- 0.69%: Probability of exploitation activity in the next 30 days
- ~ 69 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-6170
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2013-6170
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6170
- http://secunia.com/advisories/55216
  Vendor Advisory
- http://www.securitytracker.com/id/1029176
  Juniper Junos PIM Join Message Processing Flaw Lets Remote Authenticated Users Deny Service - SecurityTracker
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10548
  Juniper Networks - 2013-01 Security Bulletin: Junos: PIM (S,G) join flood can trigger RPD crash (Vendor Advisory)
- http://www.securityfocus.com/bid/62973
  Juniper Networks Junos Remote Denial of Service Vulnerability