CVE-2013-6014
CRITICALJuniper Junos <=13.2R1 - Unauthenticated ARP Poisoning and Sensitive Information Exposure via Proxy ARP
Title source: llmDescription
Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when Proxy ARP is enabled on an unnumbered interface, allows remote attackers to perform ARP poisoning attacks and possibly obtain sensitive information via a crafted ARP message.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10595
Scores
CVSS v3
9.3
EPSS
0.0048
EPSS Percentile
65.4%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H
Details
CWE
CWE-200
Status
published
Products (10)
juniper/junos
10.4
juniper/junos
11.4
juniper/junos
11.4x27
juniper/junos
12.1
juniper/junos
12.1x44
juniper/junos
12.1x45
juniper/junos
12.2
juniper/junos
12.3
juniper/junos
13.1
juniper/junos
13.2
Published
Oct 28, 2013
Tracked Since
Feb 18, 2026