National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2014-3818 Detail

Description

Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, 12.1X44 before D40, 12.1X46 before D30, 12.1X47 before D11 and 12.147-D15, 12.1X48 before D41 and D62, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S2, 13.1X49 before D49, 13.1X50 before 30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D25, 13.2X52 before D15, 13.3 before R2, and 14.1 before R1, when supporting 4-byte AS numbers and a BGP peer does not, allows remote attackers to cause a denial of service (memory corruption and RDP routing process crash and restart) via crafted transitive attributes in a BGP UPDATE.

Source:  MITRE
Description Last Modified:  10/14/2014

Impact

CVSS v2.0 Severity and Metrics:

Base Score: 7.8 HIGH
Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C) (V2 legend)
Impact Subscore: 6.9
Exploitability Subscore: 10.0


Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (AU): None
Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Additional Information:
Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
http://www.securitytracker.com/id/1031009
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10653 Vendor Advisory

Technical Details

Vulnerability Type (View All)

Vulnerable software and versions Switch to CPE 2.2

Configuration 1
OR
cpe:2.3:o:juniper:junos:9.1:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:9.2:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:9.4:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:9.5:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:9.6:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:10.0:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:10.1:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:10.2:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:10.3:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:10.4:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:10.4r:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:10.4s:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:11.0:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:11.1:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:11.2:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:11.3:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:11.4:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:12.1:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:12.1x44:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:12.1x46:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:12.1x47:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:12.1x48:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:12.2:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:12.2x50:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:12.3:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:13.1:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:13.1x49:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:13.1x50:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:13.2:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:13.2x50:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:13.2x51:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:13.2x52:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:13.3:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:14.1:*:*:*:*:*:*:*

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

2 change records found - show changes

Quick Info

CVE Dictionary Entry:
CVE-2014-3818
NVD Published Date:
10/14/2014
NVD Last Modified:
11/05/2015