CVE-2014-6382

Current Description

The Juniper MX Series routers with Junos 13.3R3 through 13.3Rx before 13.3R6, 14.1 before 14.1R4, 14.1X50 before 14.1X50-D70, and 14.2 before 14.2R2, when configured as a broadband edge (BBE) router, allows remote attackers to cause a denial of service (jpppd crash and restart) by sending a crafted PAP Authenticate-Request after the PPPoE Discovery and LCP phase are complete.

Basic Data

PublishedJanuary 16, 2015
Last ModifiedFebruary 04, 2015
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-20
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:N/C:N/I:N/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score7.1
SeverityHIGH
Exploitability Score8.6
Impact Score6.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSJuniperJunos13.3r3******
      2.3OSJuniperJunos13.3r4******
      2.3OSJuniperJunos13.3r5******
      2.3OSJuniperJunos14.1*******
      2.3OSJuniperJunos14.1r1******
      2.3OSJuniperJunos14.1r2******
      2.3OSJuniperJunos14.1r3******
      2.3OSJuniperJunos14.2*******
      2.3OSJuniperJunos14.2r1******
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3HardwareJuniperMx10********
      2.3HardwareJuniperMx104********
      2.3HardwareJuniperMx2010********
      2.3HardwareJuniperMx2020********
      2.3HardwareJuniperMx240********
      2.3HardwareJuniperMx40********
      2.3HardwareJuniperMx480********
      2.3HardwareJuniperMx80********
      2.3HardwareJuniperMx960********
      2.3OSJuniperVmx********

Vulnerable Software List

VendorProductVersions
Juniper Junos 13.3, 14.1, 14.2

References

NameSourceURLTags
72070http://www.securityfocus.com/bid/72070BID
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10665https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10665CONFIRMVendor Advisory