CVE-2013-4685

Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute arbitrary code via crafted HTTP requests, aka PR 849100.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
juniperjunos
10.4
juniperjunos
11.4
juniperjunos
12.1
juniperjunos
12.1x44:x44
junipersrx100
-
junipersrx110
-
junipersrx1400
-
junipersrx210
-
junipersrx220
-
junipersrx240
-
junipersrx3400
-
junipersrx3600
-
junipersrx550
-
junipersrx5600
-
junipersrx5800
-
junipersrx650
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://kb.juniper.net/JSA10574
http://osvdb.org/95108
http://www.securityfocus.com/bid/61125
http://kb.juniper.net/JSA10574
http://osvdb.org/95108
http://www.securityfocus.com/bid/61125