CVE-2014-6385

Current Description

Juniper Junos 11.4 before 11.4R13, 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, 12.2 before 12.2R9, 12.3R7 before 12.3R7-S1, 12.3 before 12.3R8, 13.1 before 13.1R5, 13.2 before 13.2R6, 13.3 before 13.3R4, 14.1 before 14.1R2, and 14.2 before 14.2R1 allows remote attackers to cause a denial of service (kernel crash and restart) via a crafted fragmented OSPFv3 packet with an IPsec Authentication Header (AH).

Basic Data

Published: January 16, 2015
Last Modified: January 26, 2015
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-noinfo
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:A/AC:L/Au:N/C:N/I:N/A:C
CVSS 2 - Access Vector: ADJACENT_NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 6.1
Severity: MEDIUM
Exploitability Score: 6.5
Impact Score: 6.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
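    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Juniper | Junos | 11.4 | * | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 11.4 | r1 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 11.4 | r10 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 11.4 | r11 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 11.4 | r12 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 11.4 | r2 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 11.4 | r3 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 11.4 | r4 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 11.4 | r5 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 11.4 | r6 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 11.4 | r7 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 11.4 | r8 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 11.4 | r9 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.1x44 | * | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.1x44 | d10 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.1x44 | d15 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.1x44 | d20 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.1x44 | d25 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.1x44 | d30 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.1x44 | d35 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.1x44 | d40 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.1x46 | * | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.1x46 | d10 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.1x46 | d15 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.1x46 | d20 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.1x46 | d25 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.1x47 | * | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.1x47 | d10 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.2 | * | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.2 | r1 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.2 | r2 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.2 | r3 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.2 | r4 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.2 | r5 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.2 | r6 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.2 | r7 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.2 | r8 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.3 | * | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.3 | r1 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.3 | r2 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.3 | r3 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.3 | r4 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.3 | r5 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.3 | r6 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.3 | r7 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 12.3 | r8 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 13.1 | * | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 13.1 | r1 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 13.1 | r2 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 13.1 | r3 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 13.1 | r4 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 13.2 | * | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 13.2 | r1 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 13.2 | r2 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 13.2 | r3 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 13.2 | r4 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 13.2 | r5 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 13.3 | * | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 13.3 | r1 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 13.3 | r2 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 13.3 | r3 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 14.1 | * | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 14.1 | r1 | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 14.2 | * | * | * | * | * | * | *
    2.3 | OS | Juniper | Junos | 14.2 | r1 | * | * | * | * | * | *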

Vulnerable Software List

Vendor | Product | Versions
Juniper | Junos | 11.4, 12.1x44, 12.1x46, 12.1x47, 12.2, 12.3, 13.1, 13.2, 13.3, 14.1, 14.2

References

Name | URL | Source | Tags
72072 | http://www.securityfocus.com/bid/72072 | BID |
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10668 | https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10668 | CONFIRM | Vendor Advisory