Sign-up

ID

VAR-201310-0384


CVE

CVE-2013-6012


TITLE

Juniper Junos Vulnerabilities that bypass authentication

Trust: 0.8

sources: JVNDB: JVNDB-2013-004938

DESCRIPTION

Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit phase of the boot-up sequence, which allows remote attackers to bypass authentication via unspecified vectors. Juniper Junos is prone to a remote authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and gain unauthenticated access to the affected device. This may lead to further attacks. Juniper Junos versions 12.1X44 and 12.1X45 vulnerable. The operating system provides a secure programming interface and Junos SDK. There is an unauthorized access vulnerability in uniper Junos 12.1X44 and 12.1X45 versions. The vulnerability is caused by enabling the no-validate option during the software upgrade, which results in a validation error when configuring the startup sequence

Trust: 1.98

sources: NVD: CVE-2013-6012 // JVNDB: JVNDB-2013-004938 // BID: 63389 // VULHUB: VHN-66014

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:12.1x45

Trust: 1.9

vendor:junipermodel:junosscope:eqversion:12.1x44

Trust: 1.9

vendor:junipermodel:junos osscope:eqversion:12.1x44-d20

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.1x45-d15

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.1x45

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.1x44

Trust: 0.8

vendor:junipermodel:junos 12.1x45-d15scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d20scope:neversion: -

Trust: 0.3

sources: BID: 63389 // JVNDB: JVNDB-2013-004938 // CNNVD: CNNVD-201310-630 // NVD: CVE-2013-6012

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6012
value: HIGH

Trust: 1.0

NVD: CVE-2013-6012
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201310-630
value: HIGH

Trust: 0.6

VULHUB: VHN-66014
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-6012
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-66014
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-66014 // JVNDB: JVNDB-2013-004938 // CNNVD: CNNVD-201310-630 // NVD: CVE-2013-6012

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-66014 // JVNDB: JVNDB-2013-004938 // NVD: CVE-2013-6012

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-630

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201310-630

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004938

PATCH
title:JSA10593url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10593
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004938

EXTERNAL IDS
db:NVDid:CVE-2013-6012
Trust: 2.8
db:JUNIPERid:JSA10593
Trust: 2.0
db:BIDid:63389
Trust: 1.4
db:JVNDBid:JVNDB-2013-004938
Trust: 0.8
db:CNNVDid:CNNVD-201310-630
Trust: 0.7
db:VULHUBid:VHN-66014
Trust: 0.1
sources:
            
            
            VULHUB: VHN-66014 // 
            
            
            
            BID: 63389 // 
            
            
            
            JVNDB: JVNDB-2013-004938 // 
            
            
            
            CNNVD: CNNVD-201310-630 // 
            
            
            
            NVD: CVE-2013-6012

REFERENCES
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10593
Trust: 1.9
url:http://www.securityfocus.com/bid/63389
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6012
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6012
Trust: 0.8
url:http://www.juniper.net/
Trust: 0.3
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10593
Trust: 0.1
sources:
            
            
            VULHUB: VHN-66014 // 
            
            
            
            BID: 63389 // 
            
            
            
            JVNDB: JVNDB-2013-004938 // 
            
            
            
            CNNVD: CNNVD-201310-630 // 
            
            
            
            NVD: CVE-2013-6012

CREDITS
Juniper Networks
Trust: 0.3
sources:
            
            
            BID: 63389

SOURCES
db:VULHUBid:VHN-66014
db:BIDid:63389
db:JVNDBid:JVNDB-2013-004938
db:CNNVDid:CNNVD-201310-630
db:NVDid:CVE-2013-6012

LAST UPDATE DATE
2025-04-11T23:14:41.839000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-66014date:2013-11-03T00:00:00
db:BIDid:63389date:2013-10-28T00:00:00
db:JVNDBid:JVNDB-2013-004938date:2013-10-30T00:00:00
db:CNNVDid:CNNVD-201310-630date:2013-11-01T00:00:00
db:NVDid:CVE-2013-6012date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-66014date:2013-10-28T00:00:00
db:BIDid:63389date:2013-10-28T00:00:00
db:JVNDBid:JVNDB-2013-004938date:2013-10-30T00:00:00
db:CNNVDid:CNNVD-201310-630date:2013-10-30T00:00:00
db:NVDid:CVE-2013-6012date:2013-10-28T22:55:04.087