CVE-2014-6449

Current Description

Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R7, 14.1 before 14.1R5, and 14.2 before 14.2R1 do not properly handle TCP packet reassembly, which allows remote attackers to cause a denial of service (buffer consumption) via a crafted sequence of packets "destined to the device."

Basic Data

Published: October 16, 2015
Last Modified: December 08, 2016
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-399
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 5.0
Severity: MEDIUM
Exploitability Score: 10.0
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
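    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | OS | Juniper | Junos | 12.1x44 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x44 | d10 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x44 | d15 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x44 | d20 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x44 | d25 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x44 | d30 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x44 | d35 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x44 | d40 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x44 | d45 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x46 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x46 | d10 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x46 | d15 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x46 | d20 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x46 | d25 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x46 | d30 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x47 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x47 | d10 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x47 | d15 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.1x47 | d20 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.3 | r1 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.3 | r2 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.3 | r3 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.3 | r4 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.3 | r5 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.3 | r6 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.3 | r7 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.3 | r8 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.3 | r9 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.3x48 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.3x48 | d10 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 12.3x48 | d5 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 13.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 13.2 | r1 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 13.2 | r2 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 13.2 | r3 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 13.2 | r4 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 13.2 | r5 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 13.2 | r6 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 13.2 | r7 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 13.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 13.3 | r1 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 13.3 | r2 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 13.3 | r2-s2 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 13.3 | r3 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 13.3 | r4 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 13.3 | r5 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 13.3 | r6 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 14.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 14.1 | r1 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 14.1 | r2 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 14.1 | r3 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 14.1 | r4 | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Juniper | Junos | 14.2 | * | * | * | * | * | * | * | | | | |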

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Juniper | Junos | 12.1x44, 12.1x46, 12.1x47, 12.3, 12.3x48, 13.2, 13.3, 14.1, 14.2 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10696 | CONFIRM | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10696 | Vendor Advisory |
| 1033853 | SECTRACK | http://www.securitytracker.com/id/1033853 | |