CyberSec.Space Logo
Back to CVE Browser

CVE-2013-4685

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1740%
EPSS Percentile21.95th
PublishedJul 11, 2013
Last ModifiedApr 29, 2026

Vulnerability Description

Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute arbitrary code via crafted HTTP requests, aka PR 849100.

Affected Platforms (CPE)

πŸ’»
Juniper

Junos

= 10.4
πŸ’»
Juniper

Junos

= 11.4
πŸ’»
Juniper

Junos

= 12.1
πŸ’»
Juniper

Junos

= 12.1x44
πŸ”Œ
Juniper

Srx100

All versions
πŸ”Œ
Juniper

Srx110

All versions
πŸ”Œ
Juniper

Srx1400

All versions
πŸ”Œ
Juniper

Srx210

All versions
πŸ”Œ
Juniper

Srx220

All versions
πŸ”Œ
Juniper

Srx240

All versions
πŸ”Œ
Juniper

Srx3400

All versions
πŸ”Œ
Juniper

Srx3600

All versions
πŸ”Œ
Juniper

Srx550

All versions
πŸ”Œ
Juniper

Srx5600

All versions
πŸ”Œ
Juniper

Srx5800

All versions
πŸ”Œ
Juniper

Srx650

All versions

References & Advisories

πŸ”— http://kb.juniper.net/JSA10574
πŸ”— http://osvdb.org/95108
πŸ”— http://www.securityfocus.com/bid/61125
πŸ”— http://kb.juniper.net/JSA10574
πŸ”— http://osvdb.org/95108
πŸ”— http://www.securityfocus.com/bid/61125

Related Vulnerabilities

CVE-2021-024810.0

This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials in Juniper Networks ...

CVE-2014-341210.0

Unspecified vulnerability in Juniper Junos Space before 13.3R1.8, when the firewall in disabled, allows remote attackers to execut...

CVE-2021-021110.0

An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon ...

CVE-2017-234310.0

The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to ...