CVE-2013-4685
Description
Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute arbitrary code via crafted HTTP requests, aka PR 849100.
Risk Information
Base Score
9.8
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
9.374
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are fixed in junos 10.4s14 | NCM |
| Vulnerabilities CVE-2013-4685,CVE-2013-4689 are fixed in junos 11.4r7 | NCM |
| Vulnerabilities CVE-2013-4685,CVE-2013-4687,CVE-2013-4689 are fixed in junos 12.1r6 | NCM |
| Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2013-4685) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1704488 | Security Update for junos 9.2r1 |
| PATCH-1704488 | Security Update for junos 9.2r1 |
| PATCH-1704488 | Security Update for junos 9.2r1 |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234