CVE-2013-4685

critical

Published 2013-07-11 · Modified 2026-04-29

CVSS v3

—

CVSS v2

10.0

VIR risk

10.0

Description

Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute arbitrary code via crafted HTTP requests, aka PR 849100.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://kb.juniper.net/JSA10574

References

http://kb.juniper.net/JSA10574
http://osvdb.org/95108
http://www.securityfocus.com/bid/61125
http://kb.juniper.net/JSA10574
http://osvdb.org/95108
http://www.securityfocus.com/bid/61125

CWEs

CWE-119

Verify integrity in audit chain (admin only). AS-IS.