CVE-2013-4685

EUVD-2013-4538
Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute arbitrary code via crafted HTTP requests, aka PR 849100.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
Affected Products (NVD)
VendorProductVersion
juniperjunos
10.4
juniperjunos
11.4
juniperjunos
12.1
juniperjunos
12.1x44:x44
junipersrx100
-
junipersrx110
-
junipersrx1400
-
junipersrx210
-
junipersrx220
-
junipersrx240
-
junipersrx3400
-
junipersrx3600
-
junipersrx550
-
junipersrx5600
-
junipersrx5800
-
junipersrx650
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://kb.juniper.net/JSA10574
http://osvdb.org/95108
http://www.securityfocus.com/bid/61125
http://kb.juniper.net/JSA10574
http://osvdb.org/95108
http://www.securityfocus.com/bid/61125