CVE-2013-6014

Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when Proxy ARP is enabled on an unnumbered interface, allows remote attackers to perform ARP poisoning attacks and possibly obtain sensitive information via a crafted ARP message.

CVSS v3 9.3 CRITICAL
CVSS v2.0 6.1 MEDIUM

9.3^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.8 / Impact : 5.8

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

6.1^/10

CVSS v2.0 : MEDIUM

Vector : AV:A/AC:L/Au:N/C:N/I:C/A:N

Exploitability : 6.5 / Impact : 6.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact NONE

References

Link	Resource
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10595	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:juniper:junos:10.4:::::::*
	cpe:2.3:o:juniper:junos:11.4:::::::*
	cpe:2.3:o:juniper:junos:11.4x27:::::::*
	cpe:2.3:o:juniper:junos:12.1:::::::*
	cpe:2.3:o:juniper:junos:12.1x44:::::::*
	cpe:2.3:o:juniper:junos:12.1x45:::::::*
	cpe:2.3:o:juniper:junos:12.2:::::::*
	cpe:2.3:o:juniper:junos:12.3:::::::*
	cpe:2.3:o:juniper:junos:13.1:::::::*
	cpe:2.3:o:juniper:junos:13.2:::::::*

History

No history.

Information

Published : 2013-10-28 22:55

Updated : 2024-02-04 18:16

NVD link : CVE-2013-6014

Mitre link : CVE-2013-6014

CVE.ORG link : CVE-2013-6014

JSON object : View

Products Affected

juniper

junos

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2013-6014", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.1, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:N/I:C/A:N", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 2.8}]}, "published": "2013-10-28T22:55:04.133", "references": [{"url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10595", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when Proxy ARP is enabled on an unnumbered interface, allows remote attackers to perform ARP poisoning attacks and possibly obtain sensitive information via a crafted ARP message."}, {"lang": "es", "value": "Juniper Junos 10.4 anterior a 10.4S15, 11.4 anterior a 11.4R9, 11.4X27 anterior a 11.4X27.44, 12.1 anterior a 12.1R7, 12.1X44 anterior a 12.1X44-D20, 12.1X45 anterior a 12.1X45-D15, 12.2 anterior a 12.2R6, 12.3 anterior a 12.3R3, 13.1 anterior a 13.1R3, y 13.2 anterior a 13.2R1, cuando Proxy ARP est\u00e1 activo en una interfaz sin numerar, permite a atacantes remotos ejecutar envenenamiento ARP y posiblemente obtener informaci\u00f3n sensible a trav\u00e9s de un mensaje ARP manipulado."}], "lastModified": "2019-09-27T17:24:19.167", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:10.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45C2DA1E-12A7-4018-92CE-7621FC278025"}, {"criteria": "cpe:2.3:o:juniper:junos:11.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41543223-0FA9-4CBE-8DEC-717CE5FFED79"}, {"criteria": "cpe:2.3:o:juniper:junos:11.4x27:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80EFC6D6-43F9-4277-ACAC-D5929AF6FF7D"}, {"criteria": "cpe:2.3:o:juniper:junos:12.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B40B8FD6-A597-4845-8E8E-63EFDF606006"}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x44:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B307477-C5F2-4D98-AF4C-640D326164C7"}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x45:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E747970-4C27-4B46-9163-964252CB98F6"}, {"criteria": "cpe:2.3:o:juniper:junos:12.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FB9541A-2570-459A-87D6-5341C67B8EC8"}, {"criteria": "cpe:2.3:o:juniper:junos:12.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E014A0D-0054-4EBA-BA1F-035B74BD822F"}, {"criteria": "cpe:2.3:o:juniper:junos:13.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71FB12AC-DB5A-444A-81E0-C0DDD06810EB"}, {"criteria": "cpe:2.3:o:juniper:junos:13.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAB7D840-9469-4CE2-8DBF-017A44741374"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}