CVE-2013-6014
moderate-risk
Published 2013-10-28
Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when Proxy ARP is enabled on an unnumbered interface, allows remote attackers to perform ARP poisoning attacks and possibly obtain sensitive information via a crafted ARP message.
Do I need to act?
-
0.48% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.3/10
Critical
ADJACENT_NETWORK
/ LOW complexity
Affected Vendors
References (2)
Vendor Advisory
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10595
Vendor Advisory
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10595
46
/ 100
moderate-risk
Severity
28/34 · Critical
Exploitability
2/34 · Minimal
Exposure
16/34 · Moderate