Details of VAR-201310-0386

ID

VAR-201310-0386

CVE

CVE-2013-6014

TITLE

Juniper Junos In ARP Vulnerability to perform poisoning attacks

Trust: 0.8

sources: JVNDB: JVNDB-2013-004939

DESCRIPTION

Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when Proxy ARP is enabled on an unnumbered interface, allows remote attackers to perform ARP poisoning attacks and possibly obtain sensitive information via a crafted ARP message. Juniper Networks Junos is prone to a remote denial-of-service vulnerability. Exploiting this issue may allow remote attackers to trigger denial-of-service conditions or to obtain sensitive information. The operating system provides a secure programming interface and Junos SDK. The following versions are affected: Juniper Junos 10.4, 11.4, 11.4X27, 12.1, 12.1X44, 12.1X45, 12.2, 12.3, 13.1

Trust: 1.98

sources: NVD: CVE-2013-6014 // JVNDB: JVNDB-2013-004939 // BID: 63391 // VULHUB: VHN-66016

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	13.1	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	12.3	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	12.2	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x45	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x44	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	12.1	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	11.4x27	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	11.4	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	10.4	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	13.2	Trust: 1.6
vendor:	juniper	model:	junos os	scope:	eq	version:	11.4r9	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x44	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	10.4	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	10.4s15	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1x44-d20	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	11.4	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1r7	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	11.4x27	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	13.2r1	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	13.2	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	13.1	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1x45-d15	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.3r3	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x45	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	11.4x27.44	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.2	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.2r6	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	13.1r3	Trust: 0.8
vendor:	juniper	model:	junos 13.1r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.1r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3r2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.2r4	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.2r3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x45-d10	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d15	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1r6	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1r5-s3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1r3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r8	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r7-s2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r7-s1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r7	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r6.6	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r6-s2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r5.5	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r5-s2	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r3.7	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 10.4s14	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 10.4s13	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 10.4r7	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 10.4r6	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 10.4r15	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 10.4r14	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 10.4r13	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 10.4r11	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2r1	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.1r3	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3r3	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.2r6	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x45-d15	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d20	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1r7	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos	scope:	ne	version:	11.4x27.44	Trust: 0.3
vendor:	juniper	model:	junos 11.4r9	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 10.4s15	scope:	ne	version:	-	Trust: 0.3

sources: BID: 63391 // JVNDB: JVNDB-2013-004939 // CNNVD: CNNVD-201310-631 // NVD: CVE-2013-6014

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-6014
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2013-6014
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201310-631
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-66016
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-6014
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:C/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-66016
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:C/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2013-6014
baseSeverity:	CRITICAL
baseScore:	9.3
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.8
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-66016 // JVNDB: JVNDB-2013-004939 // CNNVD: CNNVD-201310-631 // NVD: CVE-2013-6014

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-66016 // JVNDB: JVNDB-2013-004939 // NVD: CVE-2013-6014

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201310-631

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201310-631

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004939

PATCH

title:	JSA10595	url:	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10595	Trust: 0.8
title:	Juniper Junos Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98718	Trust: 0.6

sources: JVNDB: JVNDB-2013-004939 // CNNVD: CNNVD-201310-631

EXTERNAL IDS

db:	NVD	id:	CVE-2013-6014	Trust: 2.8
db:	JUNIPER	id:	JSA10595	Trust: 2.0
db:	JVNDB	id:	JVNDB-2013-004939	Trust: 0.8
db:	CNNVD	id:	CNNVD-201310-631	Trust: 0.7
db:	BID	id:	63391	Trust: 0.4
db:	VULHUB	id:	VHN-66016	Trust: 0.1

sources: VULHUB: VHN-66016 // BID: 63391 // JVNDB: JVNDB-2013-004939 // CNNVD: CNNVD-201310-631 // NVD: CVE-2013-6014

REFERENCES

url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10595	Trust: 1.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6014	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6014	Trust: 0.8
url:	http://www.juniper.net/	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10595	Trust: 0.1

sources: VULHUB: VHN-66016 // BID: 63391 // JVNDB: JVNDB-2013-004939 // CNNVD: CNNVD-201310-631 // NVD: CVE-2013-6014

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 63391

SOURCES

db:	VULHUB	id:	VHN-66016
db:	BID	id:	63391
db:	JVNDB	id:	JVNDB-2013-004939
db:	CNNVD	id:	CNNVD-201310-631
db:	NVD	id:	CVE-2013-6014

LAST UPDATE DATE

2025-04-11T23:17:15.731000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-66016	date:	2019-09-27T00:00:00
db:	BID	id:	63391	date:	2013-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2013-004939	date:	2015-08-06T00:00:00
db:	CNNVD	id:	CNNVD-201310-631	date:	2019-09-30T00:00:00
db:	NVD	id:	CVE-2013-6014	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-66016	date:	2013-10-28T00:00:00
db:	BID	id:	63391	date:	2013-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2013-004939	date:	2013-10-30T00:00:00
db:	CNNVD	id:	CNNVD-201310-631	date:	2013-10-30T00:00:00
db:	NVD	id:	CVE-2013-6014	date:	2013-10-28T22:55:04.133