Vulnerability Description
Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute arbitrary code via crafted HTTP requests, aka PR 849100.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Junos | 10.4 |
| Juniper | Srx100 | - |
| Juniper | Srx110 | - |
| Juniper | Srx1400 | - |
| Juniper | Srx210 | - |
| Juniper | Srx220 | - |
| Juniper | Srx240 | - |
| Juniper | Srx3400 | - |
| Juniper | Srx3600 | - |
| Juniper | Srx550 | - |
| Juniper | Srx5600 | - |
| Juniper | Srx5800 | - |
| Juniper | Srx650 | - |
Related Weaknesses (CWE)
References
- http://kb.juniper.net/JSA10574Vendor Advisory
- http://osvdb.org/95108
- http://www.securityfocus.com/bid/61125
- http://kb.juniper.net/JSA10574Vendor Advisory
- http://osvdb.org/95108
- http://www.securityfocus.com/bid/61125
FAQ
What is CVE-2013-4685?
CVE-2013-4685 is a vulnerability with a CVSS score of 10.0 (HIGH). Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforc...
How severe is CVE-2013-4685?
CVE-2013-4685 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4685?
Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Srx100, Juniper Srx110, Juniper Srx1400, Juniper Srx210.