Vulnerabilities > CVE-2013-4684 - Denial of Service vulnerability in Juniper Networks Junos

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

juniper

nessus

NVD

Published: 2013-07-11

Updated: 2013-08-22

Summary

flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R8, 12.1 before 12.1R7, and 12.1X44 before 12.1X44-D15 on SRX devices, when PIM and NAT are enabled, allows remote attackers to cause a denial of service (daemon crash) via crafted PIM packets, aka PR 842253. Per: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10573 'Solution: All Junos OS software releases built on or after 2013-06-20 have fixed this specific issue. Releases containing the fix specifically include: 10.4S14, 11.4R8, 12.1R7, 12.1X44-D15, and all subsequent releases (i.e. all releases built after 12.1X44-D15).'

Vulnerable Configurations

Part	Description	Count
OS	Juniper Juniper Junos 10.4 Juniper Junos 11.4 Juniper Junos 12.1 Juniper Junos 12.1X44	4
Hardware	Juniper Juniper Srx100 - Juniper Srx110 - Juniper Srx1400 - Juniper Srx210 - Juniper Srx220 - Juniper Srx240 - Juniper Srx3400 - Juniper Srx3600 - Juniper Srx550 - Juniper Srx5600 - Juniper Srx5800 - Juniper Srx650 -	12

Nessus

NASL family	Junos Local Security Checks
NASL id	JUNIPER_JSA10573.NASL
description	According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service vulnerability when Protocol-Independent Multicast (PIM) is enabled. An attacker, using specially crafted PIM packets subject to NAT, can cause the Flow Daemon (flowd) to crash. Repeated flowd crashes can result in a sustained denial of service against SRX series devices.
last seen	2020-06-01
modified	2020-06-02
plugin id	68906
published	2013-07-16
reporter	This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/68906
title	Juniper Junos SRX Series PIM DoS (JSA10573)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(68906); script_version("1.7"); script_cvs_date("Date: 2018/07/12 19:01:15"); script_cve_id("CVE-2013-4684"); script_bugtraq_id(61127); script_name(english:"Juniper Junos SRX Series PIM DoS (JSA10573)"); script_summary(english:"Checks the version, model, and build date"); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch."); script_set_attribute(attribute:"description", value: "According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service vulnerability when Protocol-Independent Multicast (PIM) is enabled. An attacker, using specially crafted PIM packets subject to NAT, can cause the Flow Daemon (flowd) to crash. Repeated flowd crashes can result in a sustained denial of service against SRX series devices."); script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10573"); script_set_attribute(attribute:"solution",value: "Apply the relevant Junos software release referenced in Juniper advisory JSA10573."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/07/10"); script_set_attribute(attribute:"patch_publication_date", value:"2013/07/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/16"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Junos Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_dependencies("junos_version.nasl"); script_require_keys("Host/Juniper/model", "Host/Juniper/JUNOS/Version", "Host/Juniper/JUNOS/BuildDate"); exit(0); } include("audit.inc"); include("junos.inc"); include("misc_func.inc"); ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version'); build_date = get_kb_item_or_exit('Host/Juniper/JUNOS/BuildDate'); model = get_kb_item_or_exit('Host/Juniper/model'); check_model(model:model, flags:SRX_SERIES, exit_on_fail:TRUE); if (compare_build_dates(build_date, '2013-06-20') >= 0) audit(AUDIT_INST_VER_NOT_VULN, 'Junos', ver + ' (build date ' + build_date + ')'); fixes['10.4'] = '10.4S14'; fixes['11.4'] = '11.4R8'; fixes['12.1'] = '12.1R7'; fixes['12.1X44'] = '12.1X44-D15'; fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE); if (report_verbosity > 0) { report = get_report(ver:ver, fix:fix, model:model); security_hole(port:0, extra:report); } else security_hole(0);

Summary

Vulnerable Configurations

Nessus

References