OpenCVE

flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MSRPC Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted MSRPC requests, aka PR 772834.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Juniper	Junos Srx100 Srx110 Srx1400 Srx210 Srx220 Srx240 Srx3400 Srx3600 Srx550 Srx5600 Srx5800 Srx650

Configuration 1 [-]

AND

cpe:2.3:o:juniper:junos:10.4:*:*:*:*:*:*:*

OR	cpe:2.3:h:juniper:srx100:-:::::::*
	cpe:2.3:h:juniper:srx110:-:::::::*
	cpe:2.3:h:juniper:srx1400:-:::::::*
	cpe:2.3:h:juniper:srx210:-:::::::*
	cpe:2.3:h:juniper:srx220:-:::::::*
	cpe:2.3:h:juniper:srx240:-:::::::*
	cpe:2.3:h:juniper:srx3400:-:::::::*
	cpe:2.3:h:juniper:srx3600:-:::::::*
	cpe:2.3:h:juniper:srx550:-:::::::*
	cpe:2.3:h:juniper:srx5600:-:::::::*
	cpe:2.3:h:juniper:srx5800:-:::::::*
	cpe:2.3:h:juniper:srx650:-:::::::*

No data.

References

Link	Providers
http://kb.juniper.net/JSA10578
http://www.securityfocus.com/bid/61124

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-07-11T14:00:00

Updated: 2024-08-06T16:52:26.922Z

Reserved: 2013-06-26T00:00:00

Link: CVE-2013-4688

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-07-11T14:55:01.403

Modified: 2024-11-21T01:56:04.120

Link: CVE-2013-4688

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-07-10T00:00:00", "descriptions": [{"lang": "en", "value": "flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MSRPC Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted MSRPC requests, aka PR 772834."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-08-22T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "61124", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/61124"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://kb.juniper.net/JSA10578"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-4688", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MSRPC Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted MSRPC requests, aka PR 772834."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "61124", "refsource": "BID", "url": "http://www.securityfocus.com/bid/61124"}, {"name": "http://kb.juniper.net/JSA10578", "refsource": "CONFIRM", "url": "http://kb.juniper.net/JSA10578"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:52:26.922Z"}, "title": "CVE Program Container", "references": [{"name": "61124", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/61124"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://kb.juniper.net/JSA10578"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-4688", "datePublished": "2013-07-11T14:00:00", "dateReserved": "2013-06-26T00:00:00", "dateUpdated": "2024-08-06T16:52:26.922Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:10.4:*:*:*:*:*:*:*", "matchCriteriaId": "45C2DA1E-12A7-4018-92CE-7621FC278025", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:juniper:srx100:-:*:*:*:*:*:*:*", "matchCriteriaId": "561C1113-3D59-4DD9-ADA7-3C9ECC4632EC", "vulnerable": true}, {"criteria": "cpe:2.3:h:juniper:srx110:-:*:*:*:*:*:*:*", "matchCriteriaId": "78C6D8A0-92D3-4FD3-BCC1-CC7C87B76317", "vulnerable": true}, {"criteria": "cpe:2.3:h:juniper:srx1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "927EAB8B-EC3B-4B12-85B9-5517EBA49A30", "vulnerable": true}, {"criteria": "cpe:2.3:h:juniper:srx210:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD647C15-A686-4C8F-A766-BC29404C0FED", "vulnerable": true}, {"criteria": "cpe:2.3:h:juniper:srx220:-:*:*:*:*:*:*:*", "matchCriteriaId": "45AB1622-1AED-4CD7-98F1-67779CDFC321", "vulnerable": true}, {"criteria": "cpe:2.3:h:juniper:srx240:-:*:*:*:*:*:*:*", "matchCriteriaId": "89276D88-3B8D-4168-A2CD-0920297485F2", "vulnerable": true}, {"criteria": "cpe:2.3:h:juniper:srx3400:-:*:*:*:*:*:*:*", "matchCriteriaId": "746C3882-2A5B-4215-B259-EB1FD60C513D", "vulnerable": true}, {"criteria": "cpe:2.3:h:juniper:srx3600:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDE64EC0-7E42-43AF-A8FA-1A233BD3E3BC", "vulnerable": true}, {"criteria": "cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*", "matchCriteriaId": "62FC145A-D477-4C86-89E7-F70F52773801", "vulnerable": true}, {"criteria": "cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*", "matchCriteriaId": "68CA098D-CBE4-4E62-9EC0-43E1B6098710", "vulnerable": true}, {"criteria": "cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*", "matchCriteriaId": "66F474D4-79B6-4525-983C-9A9011BD958B", "vulnerable": true}, {"criteria": "cpe:2.3:h:juniper:srx650:-:*:*:*:*:*:*:*", "matchCriteriaId": "8AA424D4-4DBF-4E8C-96B8-E37741B5403E", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MSRPC Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted MSRPC requests, aka PR 772834."}, {"lang": "es", "value": "El flujo de Juniper Junos v10.4 antes de v10.4R11 para dispositivos SRX, cuando el MSRPC Application Layer Gateway (ALG) est\u00e1 habilitado, permite a atacantes remotos causar una denegaci\u00f3n de servicios (ca\u00edda del demonio) a trav\u00e9s de peticiones MSRPC, tambi\u00e9n conocido como PR 772834."}], "id": "CVE-2013-4688", "lastModified": "2024-11-21T01:56:04.120", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-07-11T14:55:01.403", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://kb.juniper.net/JSA10578"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/61124"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://kb.juniper.net/JSA10578"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/61124"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}