cvelistv5 - cve-2013-6958

CVE-2013-6958 (GCVE-0-2013-6958)

Vulnerability from cvelistv5 – Published: 2013-12-13 18:00 – Updated: 2024-08-06 17:53

Summary

Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-0…	third-party-advisoryx_refsource_JVNDB
	http://osvdb.org/100861	vdb-entryx_refsource_OSVDB
	http://www.securitytracker.com/id/1029490	vdb-entryx_refsource_SECTRACK
	https://kb.juniper.net/JSA10604	x_refsource_CONFIRM
	http://jvn.jp/en/jp/JVN28436508/index.html	third-party-advisoryx_refsource_JVN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:53:45.446Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVNDB-2013-000119",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000119.html"
          },
          {
            "name": "100861",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/100861"
          },
          {
            "name": "1029490",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029490"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10604"
          },
          {
            "name": "JVN#28436508",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN28436508/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-12-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-12-31T15:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "JVNDB-2013-000119",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000119.html"
        },
        {
          "name": "100861",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/100861"
        },
        {
          "name": "1029490",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029490"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10604"
        },
        {
          "name": "JVN#28436508",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN28436508/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-6958",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVNDB-2013-000119",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000119.html"
            },
            {
              "name": "100861",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/100861"
            },
            {
              "name": "1029490",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029490"
            },
            {
              "name": "https://kb.juniper.net/JSA10604",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10604"
            },
            {
              "name": "JVN#28436508",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN28436508/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-6958",
    "datePublished": "2013-12-13T18:00:00",
    "dateReserved": "2013-12-04T00:00:00",
    "dateUpdated": "2024-08-06T17:53:45.446Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:5.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF9D20BE-9AA1-44E2-B4C3-90A873B2329F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"452D480D-92EC-4491-B669-CCB9106B246B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D2F484AD-901C-4D4E-81D0-41C177A73246\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:juniper:netscreen-5200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A658500D-84C8-4F33-9AD3-2DF76DC41459\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:juniper:netscreen-5400:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F2B4E7A-30F3-488E-A685-7CBF998C7E9F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet.\"}, {\"lang\": \"es\", \"value\": \"Juniper NetScreen Firewall corriendo ScreenOS 5.4, 6.2 o 6.3, cuando la pantalla Ping of Dead est\\u00e1 deshabilitada, permite a atacantes remotos causar una denegaci\\u00f3n de servico a trav\\u00e9s de un paquete manipulado.\"}]",
      "id": "CVE-2013-6958",
      "lastModified": "2024-11-21T02:00:03.410",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2013-12-13T18:07:54.437",
      "references": "[{\"url\": \"http://jvn.jp/en/jp/JVN28436508/index.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000119.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/100861\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id/1029490\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://kb.juniper.net/JSA10604\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://jvn.jp/en/jp/JVN28436508/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000119.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/100861\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1029490\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://kb.juniper.net/JSA10604\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-6958\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2013-12-13T18:07:54.437\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet.\"},{\"lang\":\"es\",\"value\":\"Juniper NetScreen Firewall corriendo ScreenOS 5.4, 6.2 o 6.3, cuando la pantalla Ping of Dead est\u00e1 deshabilitada, permite a atacantes remotos causar una denegaci\u00f3n de servico a trav\u00e9s de un paquete manipulado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:C\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:5.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF9D20BE-9AA1-44E2-B4C3-90A873B2329F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"452D480D-92EC-4491-B669-CCB9106B246B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2F484AD-901C-4D4E-81D0-41C177A73246\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:netscreen-5200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A658500D-84C8-4F33-9AD3-2DF76DC41459\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:netscreen-5400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F2B4E7A-30F3-488E-A685-7CBF998C7E9F\"}]}]}],\"references\":[{\"url\":\"http://jvn.jp/en/jp/JVN28436508/index.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000119.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/100861\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1029490\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://kb.juniper.net/JSA10604\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://jvn.jp/en/jp/JVN28436508/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000119.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/100861\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1029490\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://kb.juniper.net/JSA10604\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTA-2013-AVI-674

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Elles permettent à un attaquant de provoquer un déni de service à distance et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Pulse Secure	N/A	Juniper Junos Pulse Secure Access Service (IVE) versions antérieures à 7.3r8
Pulse Secure	N/A	Juniper Junos Pulse Secure Access Service (IVE) versions antérieures à 7.1r17
Juniper Networks	N/A	Juniper Networks IDP versions 5.1 et antérieures
Pulse Secure	N/A	Juniper Junos Pulse Secure Access Service (IVE) versions antérieures à 8.0r1
N/A	N/A	Juniper ScreenOS versions 6.2 et antérieures
Pulse Secure	N/A	Juniper Junos Pulse Secure Access Service (IVE) versions antérieures à 7.4r6
N/A	N/A	Juniper ScreenOS versions 6.3 et antérieures
N/A	N/A	Juniper ScreenOS versions 5.4 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA0602 du 11 décembre 2013	None	vendor-advisory
Bulletin de sécurité Juniper JSA0603 du 11 décembre 2013	None	vendor-advisory
Bulletin de sécurité Juniper JSA0604 du 11 décembre 2013	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper Junos Pulse Secure Access Service (IVE) versions ant\u00e9rieures \u00e0 7.3r8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Pulse Secure",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Pulse Secure Access Service (IVE) versions ant\u00e9rieures \u00e0 7.1r17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Pulse Secure",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks IDP versions 5.1 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Pulse Secure Access Service (IVE) versions ant\u00e9rieures \u00e0 8.0r1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Pulse Secure",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper ScreenOS versions 6.2 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Pulse Secure Access Service (IVE) versions ant\u00e9rieures \u00e0 7.4r6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Pulse Secure",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper ScreenOS versions 6.3 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper ScreenOS versions 5.4 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-6958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6958"
    },
    {
      "name": "CVE-2013-6956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6956"
    },
    {
      "name": "CVE-2013-6957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6957"
    }
  ],
  "links": [],
  "reference": "CERTA-2013-AVI-674",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-12-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et une injection de code\nindirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA0602 du 11 d\u00e9cembre 2013",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10602\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA0603 du 11 d\u00e9cembre 2013",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10603\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA0604 du 11 d\u00e9cembre 2013",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10604\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTA-2013-AVI-674

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Pulse Secure	N/A	Juniper Junos Pulse Secure Access Service (IVE) versions antérieures à 7.3r8
Pulse Secure	N/A	Juniper Junos Pulse Secure Access Service (IVE) versions antérieures à 7.1r17
Juniper Networks	N/A	Juniper Networks IDP versions 5.1 et antérieures
Pulse Secure	N/A	Juniper Junos Pulse Secure Access Service (IVE) versions antérieures à 8.0r1
N/A	N/A	Juniper ScreenOS versions 6.2 et antérieures
Pulse Secure	N/A	Juniper Junos Pulse Secure Access Service (IVE) versions antérieures à 7.4r6
N/A	N/A	Juniper ScreenOS versions 6.3 et antérieures
N/A	N/A	Juniper ScreenOS versions 5.4 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA0602 du 11 décembre 2013	None	vendor-advisory
Bulletin de sécurité Juniper JSA0603 du 11 décembre 2013	None	vendor-advisory
Bulletin de sécurité Juniper JSA0604 du 11 décembre 2013	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper Junos Pulse Secure Access Service (IVE) versions ant\u00e9rieures \u00e0 7.3r8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Pulse Secure",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Pulse Secure Access Service (IVE) versions ant\u00e9rieures \u00e0 7.1r17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Pulse Secure",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks IDP versions 5.1 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Pulse Secure Access Service (IVE) versions ant\u00e9rieures \u00e0 8.0r1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Pulse Secure",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper ScreenOS versions 6.2 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos Pulse Secure Access Service (IVE) versions ant\u00e9rieures \u00e0 7.4r6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Pulse Secure",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper ScreenOS versions 6.3 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper ScreenOS versions 5.4 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-6958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6958"
    },
    {
      "name": "CVE-2013-6956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6956"
    },
    {
      "name": "CVE-2013-6957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6957"
    }
  ],
  "links": [],
  "reference": "CERTA-2013-AVI-674",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-12-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et une injection de code\nindirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA0602 du 11 d\u00e9cembre 2013",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10602\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA0603 du 11 d\u00e9cembre 2013",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10603\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA0604 du 11 d\u00e9cembre 2013",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10604\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

GHSA-9VR7-72GC-V2WJ

Vulnerability from github – Published: 2022-05-17 04:55 – Updated: 2022-05-17 04:55

Details

Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-6958"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-12-13T18:07:00Z",
    "severity": "HIGH"
  },
  "details": "Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet.",
  "id": "GHSA-9vr7-72gc-v2wj",
  "modified": "2022-05-17T04:55:07Z",
  "published": "2022-05-17T04:55:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6958"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA10604"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN28436508/index.html"
    },
    {
      "type": "WEB",
      "url": "http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000119.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/100861"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1029490"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-201312-0247

Vulnerability from variot - Updated: 2023-12-18 12:58

Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet. ScreenOS provided by Juniper Networks contains a denial-of-service (DoS) vulnerability. Shuichiro Suzuki of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.When processing a malicious packet, the device may hang. ScreenOS is prone to an unspecified denial-of-service vulnerability. Successful exploits may allow the attacker to cause denial-of-service conditions. ScreenOS 5.4, 6.2.0, and 6.3.0 are vulnerable. Juniper Networks NetScreen Firewall running Juniper ScreenOS is an operating system of Juniper Networks (Juniper Networks) that runs on NetScreen series firewalls. ############################################################## FFRI, Inc.

=== Reference === CVE No. : CVE-2013-6958 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6958

Mozilla Foundation Security Advisory : https://www.mozilla.org/security/announce/2013/mfsa2013-33.html

FFRI Advisory URL: http://www.ffri.jp/cgi-bin/advisory/advisory.cgi?type=release&id=FFRRA-20131213

=== About FFRI === FFRI is a leading security products and service vendor in Japan providing innovative security software and vulnerability research information. Our commitment is to secure our IT-driven society by protecting information system from unpredictable threats.

http://www.ffri.jp research-feedback@ffri.jp

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201312-0247",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "screenos",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "6.2.0"
      },
      {
        "model": "screenos",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "6.3.0"
      },
      {
        "model": "screenos",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "5.4.0"
      },
      {
        "model": "netscreen-5200",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "netscreen-5400",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "screenos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "version 5.4 (ns 5gt only)"
      },
      {
        "model": "screenos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "version 6.2"
      },
      {
        "model": "screenos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "version 6.3"
      },
      {
        "model": "networks screenos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.4"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "64260"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-000119"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6958"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-308"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:screenos:5.4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:netscreen-5200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:netscreen-5400:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-6958"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Shuichiro Suzuki of FFRI, Inc",
    "sources": [
      {
        "db": "BID",
        "id": "64260"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-6958",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2013-000119",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-66960",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-6958",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2013-000119",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201312-308",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-66960",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66960"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-000119"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6958"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-308"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet. ScreenOS provided by Juniper Networks contains a denial-of-service (DoS) vulnerability. Shuichiro Suzuki of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.When processing a malicious packet, the device may hang. ScreenOS is prone to an unspecified denial-of-service vulnerability. \nSuccessful exploits may allow the attacker to cause denial-of-service conditions. \nScreenOS 5.4, 6.2.0, and 6.3.0 are vulnerable. Juniper Networks NetScreen Firewall running Juniper ScreenOS is an operating system of Juniper Networks (Juniper Networks) that runs on NetScreen series firewalls. ##############################################################\n   FFRI, Inc. \n\n=== Reference ===\nCVE No. : CVE-2013-6958\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6958\n\nMozilla Foundation Security Advisory :\nhttps://www.mozilla.org/security/announce/2013/mfsa2013-33.html\n\nFFRI Advisory URL:\nhttp://www.ffri.jp/cgi-bin/advisory/advisory.cgi?type=release\u0026id=FFRRA-20131213\n\n=== About FFRI ===\nFFRI is a leading security products and service vendor in Japan \nproviding innovative security software and vulnerability research \ninformation. Our commitment is to secure our IT-driven society by\nprotecting information system from unpredictable threats. \n\nhttp://www.ffri.jp\nresearch-feedback@ffri.jp\n\n=== Copyright ===\n2007 - 2014 FFRI, Inc. All rights reserved",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-6958"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-000119"
      },
      {
        "db": "BID",
        "id": "64260"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66960"
      },
      {
        "db": "PACKETSTORM",
        "id": "124903"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-6958",
        "trust": 2.9
      },
      {
        "db": "JVN",
        "id": "JVN28436508",
        "trust": 1.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-000119",
        "trust": 1.9
      },
      {
        "db": "OSVDB",
        "id": "100861",
        "trust": 1.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10604",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1029490",
        "trust": 1.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-308",
        "trust": 0.7
      },
      {
        "db": "SECUNIA",
        "id": "56086",
        "trust": 0.6
      },
      {
        "db": "SECUNIA",
        "id": "56089",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "64260",
        "trust": 0.4
      },
      {
        "db": "PACKETSTORM",
        "id": "124903",
        "trust": 0.2
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-61109",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-66960",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66960"
      },
      {
        "db": "BID",
        "id": "64260"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-000119"
      },
      {
        "db": "PACKETSTORM",
        "id": "124903"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6958"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-308"
      }
    ]
  },
  "id": "VAR-201312-0247",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66960"
      }
    ],
    "trust": 0.73095236
  },
  "last_update_date": "2023-12-18T12:58:04.199000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "2013-12 Security Bulletin: NetScreen Firewall: Crafted packet can cause denial of service (CVE-2013-6958)",
        "trust": 0.8,
        "url": "http://kb.juniper.net/jsa10604"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-000119"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-6958"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://jvn.jp/en/jp/jvn28436508/index.html"
      },
      {
        "trust": 1.7,
        "url": "https://kb.juniper.net/jsa10604"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/100861"
      },
      {
        "trust": 1.1,
        "url": "http://jvndb.jvn.jp/ja/contents/2013/jvndb-2013-000119.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1029490"
      },
      {
        "trust": 0.9,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6958"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6958"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/56086"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/56089"
      },
      {
        "trust": 0.3,
        "url": "http://www.juniper.net/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6958"
      },
      {
        "trust": 0.1,
        "url": "http://www.ffri.jp/cgi-bin/advisory/advisory.cgi?type=release\u0026id=ffrra-20131213"
      },
      {
        "trust": 0.1,
        "url": "https://www.mozilla.org/security/announce/2013/mfsa2013-33.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.ffri.jp"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66960"
      },
      {
        "db": "BID",
        "id": "64260"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-000119"
      },
      {
        "db": "PACKETSTORM",
        "id": "124903"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6958"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-308"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-66960"
      },
      {
        "db": "BID",
        "id": "64260"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-000119"
      },
      {
        "db": "PACKETSTORM",
        "id": "124903"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6958"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-308"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-12-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-66960"
      },
      {
        "date": "2013-12-12T00:00:00",
        "db": "BID",
        "id": "64260"
      },
      {
        "date": "2013-12-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-000119"
      },
      {
        "date": "2014-01-23T00:22:22",
        "db": "PACKETSTORM",
        "id": "124903"
      },
      {
        "date": "2013-12-13T18:07:54.437000",
        "db": "NVD",
        "id": "CVE-2013-6958"
      },
      {
        "date": "2013-12-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201312-308"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-01-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-66960"
      },
      {
        "date": "2014-01-22T17:45:00",
        "db": "BID",
        "id": "64260"
      },
      {
        "date": "2013-12-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-000119"
      },
      {
        "date": "2014-01-04T04:51:00.287000",
        "db": "NVD",
        "id": "CVE-2013-6958"
      },
      {
        "date": "2013-12-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201312-308"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-308"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Juniper ScreenOS vulnerable to denial-of-service (DoS)",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-000119"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-308"
      }
    ],
    "trust": 0.6
  }
}

JVNDB-2013-000119

Vulnerability from jvndb - Published: 2013-12-13 12:23 - Updated:2013-12-18 15:23

Severity ?

() - -

Summary

Juniper ScreenOS vulnerable to denial-of-service (DoS)

Details

ScreenOS provided by Juniper Networks contains a denial-of-service (DoS) vulnerability. Shuichiro Suzuki of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN28436508/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6958
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6958
	No Mapping(CWE-noinfo)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

Juniper Networks, Inc.

ScreenOS

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000119.html",
  "dc:date": "2013-12-18T15:23+09:00",
  "dcterms:issued": "2013-12-13T12:23+09:00",
  "dcterms:modified": "2013-12-18T15:23+09:00",
  "description": "ScreenOS provided by Juniper Networks contains a denial-of-service (DoS) vulnerability.\r\n\r\nShuichiro Suzuki of FFRI, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000119.html",
  "sec:cpe": {
    "#text": "cpe:/o:juniper:screenos",
    "@product": "ScreenOS",
    "@vendor": "Juniper Networks, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "7.8",
    "@severity": "High",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2013-000119",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN28436508/index.html",
      "@id": "JVN#28436508",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6958",
      "@id": "CVE-2013-6958",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6958",
      "@id": "CVE-2013-6958",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-noinfo",
      "@title": "No Mapping(CWE-noinfo)"
    }
  ],
  "title": "Juniper ScreenOS vulnerable to denial-of-service (DoS)"
}

GSD-2013-6958

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet.

Aliases

CVE-2013-6958

Aliases

CVE-2013-6958

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-6958",
    "description": "Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet.",
    "id": "GSD-2013-6958"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-6958"
      ],
      "details": "Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet.",
      "id": "GSD-2013-6958",
      "modified": "2023-12-13T01:22:19.169809Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2013-6958",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "JVNDB-2013-000119",
            "refsource": "JVNDB",
            "url": "http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000119.html"
          },
          {
            "name": "100861",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/100861"
          },
          {
            "name": "1029490",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1029490"
          },
          {
            "name": "https://kb.juniper.net/JSA10604",
            "refsource": "CONFIRM",
            "url": "https://kb.juniper.net/JSA10604"
          },
          {
            "name": "JVN#28436508",
            "refsource": "JVN",
            "url": "http://jvn.jp/en/jp/JVN28436508/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:screenos:5.4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:netscreen-5200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:netscreen-5400:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-6958"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "100861",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/100861"
            },
            {
              "name": "https://kb.juniper.net/JSA10604",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://kb.juniper.net/JSA10604"
            },
            {
              "name": "JVN#28436508",
              "refsource": "JVN",
              "tags": [],
              "url": "http://jvn.jp/en/jp/JVN28436508/index.html"
            },
            {
              "name": "JVNDB-2013-000119",
              "refsource": "JVNDB",
              "tags": [],
              "url": "http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000119.html"
            },
            {
              "name": "1029490",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1029490"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2014-01-04T04:51Z",
      "publishedDate": "2013-12-13T18:07Z"
    }
  }
}

FKIE_CVE-2013-6958

Vulnerability from fkie_nvd - Published: 2013-12-13 18:07 - Updated: 2025-04-11 00:51

Severity ?

Summary

Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet.

References

URL	Tags
cve@mitre.org	http://jvn.jp/en/jp/JVN28436508/index.html
cve@mitre.org	http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000119.html
cve@mitre.org	http://osvdb.org/100861
cve@mitre.org	http://www.securitytracker.com/id/1029490
cve@mitre.org	https://kb.juniper.net/JSA10604	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN28436508/index.html
af854a3a-2127-422b-91ae-364da2661108	http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000119.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/100861
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1029490
af854a3a-2127-422b-91ae-364da2661108	https://kb.juniper.net/JSA10604	Vendor Advisory

Impacted products

Vendor	Product	Version
juniper	screenos	5.4.0
juniper	screenos	6.2.0
juniper	screenos	6.3.0
juniper	netscreen-5200	-
juniper	netscreen-5400	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:screenos:5.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF9D20BE-9AA1-44E2-B4C3-90A873B2329F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "452D480D-92EC-4491-B669-CCB9106B246B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2F484AD-901C-4D4E-81D0-41C177A73246",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:juniper:netscreen-5200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A658500D-84C8-4F33-9AD3-2DF76DC41459",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:netscreen-5400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F2B4E7A-30F3-488E-A685-7CBF998C7E9F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet."
    },
    {
      "lang": "es",
      "value": "Juniper NetScreen Firewall corriendo ScreenOS 5.4, 6.2 o 6.3, cuando la pantalla Ping of Dead est\u00e1 deshabilitada, permite a atacantes remotos causar una denegaci\u00f3n de servico a trav\u00e9s de un paquete manipulado."
    }
  ],
  "id": "CVE-2013-6958",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-12-13T18:07:54.437",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://jvn.jp/en/jp/JVN28436508/index.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000119.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/100861"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1029490"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/JSA10604"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/en/jp/JVN28436508/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000119.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/100861"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1029490"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.juniper.net/JSA10604"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-6958 (GCVE-0-2013-6958)

CERTA-2013-AVI-674

Solution

CERTA-2013-AVI-674

Solution

GHSA-9VR7-72GC-V2WJ

VAR-201312-0247

JVNDB-2013-000119

GSD-2013-6958

FKIE_CVE-2013-6958

Tags

Sightings

Nomenclature