CVE-2013-6014

Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when Proxy ARP is enabled on an unnumbered interface, allows remote attackers to perform ARP poisoning attacks and possibly obtain sensitive information via a crafted ARP message.

Published: Oct 28, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-6014
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.3
AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H

CVSS v2:

Severity: Medium
Score: 6.1
AV:A/AC:L/Au:N/C:N/I:C/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
juniper / junos	10.4	10.4.x
juniper / junos	13.1	13.1.x
juniper / junos	13.2	13.2.x
juniper / junos	12.1	12.1.x
juniper / junos	12.1x45	12.1x45.x
juniper / junos	11.4x27	11.4x27.x
juniper / junos	11.4	11.4.x
juniper / junos	12.3	12.3.x
juniper / junos	12.2	12.2.x
juniper / junos	12.1x44	12.1x44.x

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10595

Vulnerability Database

289,784

CVE-2013-6014