CVE-2014-6386

Current Description

Juniper Junos 11.4 before 11.4R8, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R9, 12.3R2 before 12.3R2-S3, 12.3 before 12.3R3, 13.1 before 13.1R4, and 13.2 before 13.2R1 allows remote attackers to cause a denial of service (assertion failure and rpd restart) via a crafted BGP FlowSpec prefix.

Basic Data

Published: January 16, 2015
Last Modified: January 26, 2015
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-17
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 7.8
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
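    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | OS | Juniper | Junos | 11.4 | r1 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 11.4 | r2 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 11.4 | r3 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 11.4 | r4 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 11.4 | r5 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 11.4 | r6 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 11.4 | r7 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x44 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x44 | d10 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x44 | d15 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x44 | d20 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x44 | d25 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x44 | d30 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x45 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x45 | d10 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x45 | d15 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x45 | d20 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x46 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x46 | d10 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x46 | d15 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x47 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.2 | r1 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.2 | r2 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.2 | r3 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.2 | r4 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.2 | r5 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.2 | r6 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.2 | r7 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.2 | r8 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.3 | r1 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.3 | r2 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 13.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 13.1 | r1 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 13.1 | r2 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 13.1 | r3 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 13.2 | * | * | * | * | * | * | * | | | | |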

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Juniper | Junos | 11.4, 12.1x44, 12.1x45, 12.1x46, 12.1x47, 12.2, 12.3, 13.1, 13.2 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| 72067 | BID | http://www.securityfocus.com/bid/72067 | |
| 1031548 | SECTRACK | http://www.securitytracker.com/id/1031548 | |
| https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10670 | CONFIRM | https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10670 | Vendor Advisory |