var-201310-0384
Vulnerability from variot
Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit phase of the boot-up sequence, which allows remote attackers to bypass authentication via unspecified vectors. Juniper Junos is prone to a remote authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and gain unauthenticated access to the affected device. This may lead to further attacks. Juniper Junos versions 12.1X44 and 12.1X45 vulnerable. The operating system provides a secure programming interface and Junos SDK. There is an unauthorized access vulnerability in uniper Junos 12.1X44 and 12.1X45 versions. The vulnerability is caused by enabling the no-validate option during the software upgrade, which results in a validation error when configuring the startup sequence
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201310-0384",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "junos",
"scope": "eq",
"trust": 1.9,
"vendor": "juniper",
"version": "12.1x45"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.9,
"vendor": "juniper",
"version": "12.1x44"
},
{
"model": "junos os",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "12.1x44-d20"
},
{
"model": "junos os",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "12.1x45-d15"
},
{
"model": "junos os",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "12.1x45"
},
{
"model": "junos os",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "12.1x44"
},
{
"model": "junos 12.1x45-d15",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x44-d20",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "63389"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004938"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-630"
},
{
"db": "NVD",
"id": "CVE-2013-6012"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:juniper:junos",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004938"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Juniper Networks",
"sources": [
{
"db": "BID",
"id": "63389"
}
],
"trust": 0.3
},
"cve": "CVE-2013-6012",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "CVE-2013-6012",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "VHN-66014",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-6012",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-6012",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201310-630",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-66014",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66014"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004938"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-630"
},
{
"db": "NVD",
"id": "CVE-2013-6012"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit phase of the boot-up sequence, which allows remote attackers to bypass authentication via unspecified vectors. Juniper Junos is prone to a remote authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism and gain unauthenticated access to the affected device. This may lead to further attacks. \nJuniper Junos versions 12.1X44 and 12.1X45 vulnerable. The operating system provides a secure programming interface and Junos SDK. There is an unauthorized access vulnerability in uniper Junos 12.1X44 and 12.1X45 versions. The vulnerability is caused by enabling the no-validate option during the software upgrade, which results in a validation error when configuring the startup sequence",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6012"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004938"
},
{
"db": "BID",
"id": "63389"
},
{
"db": "VULHUB",
"id": "VHN-66014"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-6012",
"trust": 2.8
},
{
"db": "JUNIPER",
"id": "JSA10593",
"trust": 2.0
},
{
"db": "BID",
"id": "63389",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004938",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201310-630",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-66014",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66014"
},
{
"db": "BID",
"id": "63389"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004938"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-630"
},
{
"db": "NVD",
"id": "CVE-2013-6012"
}
]
},
"id": "VAR-201310-0384",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-66014"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:23:13.167000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "JSA10593",
"trust": 0.8,
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10593"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004938"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66014"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004938"
},
{
"db": "NVD",
"id": "CVE-2013-6012"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10593"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/63389"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6012"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6012"
},
{
"trust": 0.3,
"url": "http://www.juniper.net/"
},
{
"trust": 0.1,
"url": "https://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10593"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66014"
},
{
"db": "BID",
"id": "63389"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004938"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-630"
},
{
"db": "NVD",
"id": "CVE-2013-6012"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-66014"
},
{
"db": "BID",
"id": "63389"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004938"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-630"
},
{
"db": "NVD",
"id": "CVE-2013-6012"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-66014"
},
{
"date": "2013-10-28T00:00:00",
"db": "BID",
"id": "63389"
},
{
"date": "2013-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004938"
},
{
"date": "2013-10-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-630"
},
{
"date": "2013-10-28T22:55:04.087000",
"db": "NVD",
"id": "CVE-2013-6012"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-03T00:00:00",
"db": "VULHUB",
"id": "VHN-66014"
},
{
"date": "2013-10-28T00:00:00",
"db": "BID",
"id": "63389"
},
{
"date": "2013-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004938"
},
{
"date": "2013-11-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-630"
},
{
"date": "2024-11-21T01:58:37.167000",
"db": "NVD",
"id": "CVE-2013-6012"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-630"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Juniper Junos Vulnerabilities that bypass authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004938"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-630"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…