fkie_cve-2014-3818
Vulnerability from fkie_nvd
Published
2014-10-14 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, 12.1X44 before D40, 12.1X46 before D30, 12.1X47 before D11 and 12.147-D15, 12.1X48 before D41 and D62, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S2, 13.1X49 before D49, 13.1X50 before 30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D25, 13.2X52 before D15, 13.3 before R2, and 14.1 before R1, when supporting 4-byte AS numbers and a BGP peer does not, allows remote attackers to cause a denial of service (memory corruption and RDP routing process crash and restart) via crafted transitive attributes in a BGP UPDATE.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | junos | 9.1 | |
| juniper | junos | 9.2 | |
| juniper | junos | 9.4 | |
| juniper | junos | 9.5 | |
| juniper | junos | 9.6 | |
| juniper | junos | 10.0 | |
| juniper | junos | 10.1 | |
| juniper | junos | 10.2 | |
| juniper | junos | 10.3 | |
| juniper | junos | 10.4 | |
| juniper | junos | 10.4r | |
| juniper | junos | 10.4s | |
| juniper | junos | 11.0 | |
| juniper | junos | 11.1 | |
| juniper | junos | 11.2 | |
| juniper | junos | 11.3 | |
| juniper | junos | 11.4 | |
| juniper | junos | 12.1 | |
| juniper | junos | 12.1x44 | |
| juniper | junos | 12.1x46 | |
| juniper | junos | 12.1x47 | |
| juniper | junos | 12.1x48 | |
| juniper | junos | 12.2 | |
| juniper | junos | 12.2x50 | |
| juniper | junos | 12.3 | |
| juniper | junos | 13.1 | |
| juniper | junos | 13.1x49 | |
| juniper | junos | 13.1x50 | |
| juniper | junos | 13.2 | |
| juniper | junos | 13.2x50 | |
| juniper | junos | 13.2x51 | |
| juniper | junos | 13.2x52 | |
| juniper | junos | 13.3 | |
| juniper | junos | 14.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:juniper:junos:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2DB4226-A4B1-4647-88CA-74AAFA3AE022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7CAA11-F8FE-4732-A649-B9DD751917F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3F474869-F2AD-4B2A-BF9D-66BAA8F8C3F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DA28B556-9507-44B0-8F52-7FB9CADC74DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "135EA92C-6699-4686-8827-30E50C74BB0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D8FFDD73-F4A7-42BC-8CEF-4E7CC469CF28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3546BA8D-CEA4-4C95-B18F-4AC112195008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4DC12ED6-463F-4576-80F4-E1B697B579B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "37235C6B-B7B8-41EC-A1D2-336D8BAD9DBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "45C2DA1E-12A7-4018-92CE-7621FC278025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:10.4r:*:*:*:*:*:*:*",
"matchCriteriaId": "2EEFBB24-9EDB-4263-B1BF-6DF4E3642A44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:10.4s:*:*:*:*:*:*:*",
"matchCriteriaId": "B36C97C5-FE31-488E-BFFC-6FD0FD676E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13DFF18C-672C-49D4-BDC7-9D2E1D945E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53E23759-F3CC-45D8-B6C7-2C24F9010EA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "17C7B435-75C8-4A9C-A679-B0B51A5DD334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BDF5517B-D3E5-492A-9C27-C187AD5AEC92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "41543223-0FA9-4CBE-8DEC-717CE5FFED79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B40B8FD6-A597-4845-8E8E-63EFDF606006",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x44:*:*:*:*:*:*:*",
"matchCriteriaId": "1B307477-C5F2-4D98-AF4C-640D326164C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x46:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB89F64-16BB-4A14-9084-B338668D7FF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x47:*:*:*:*:*:*:*",
"matchCriteriaId": "0BB3DE56-1B04-4A53-B4A4-93286FC98463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.1x48:*:*:*:*:*:*:*",
"matchCriteriaId": "CC51B5DB-B9F2-48B5-A64B-FB2EB5311EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5FB9541A-2570-459A-87D6-5341C67B8EC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.2x50:*:*:*:*:*:*:*",
"matchCriteriaId": "A0684A88-6BBE-4F7E-A79A-AF8244241E8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8E014A0D-0054-4EBA-BA1F-035B74BD822F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "71FB12AC-DB5A-444A-81E0-C0DDD06810EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:13.1x49:*:*:*:*:*:*:*",
"matchCriteriaId": "C71D3BA8-DA7D-46EF-8E2C-63DD630B7A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:13.1x50:*:*:*:*:*:*:*",
"matchCriteriaId": "016DCFD8-9E72-4857-AE98-42F7BB581903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAB7D840-9469-4CE2-8DBF-017A44741374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:13.2x50:*:*:*:*:*:*:*",
"matchCriteriaId": "14ED6898-86EC-484F-9ACB-0485B0DECDC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:13.2x51:*:*:*:*:*:*:*",
"matchCriteriaId": "8B73BE56-F298-4EC5-88A3-D9808B89B63B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:13.2x52:*:*:*:*:*:*:*",
"matchCriteriaId": "E69CA1E9-4416-4DEC-BF97-C22C615385BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:13.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E4AF5DAA-62F5-491F-A9CE-098970671D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:juniper:junos:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6237291A-B861-4D53-B7AA-C53A44B76896",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, 12.1X44 before D40, 12.1X46 before D30, 12.1X47 before D11 and 12.147-D15, 12.1X48 before D41 and D62, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S2, 13.1X49 before D49, 13.1X50 before 30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D25, 13.2X52 before D15, 13.3 before R2, and 14.1 before R1, when supporting 4-byte AS numbers and a BGP peer does not, allows remote attackers to cause a denial of service (memory corruption and RDP routing process crash and restart) via crafted transitive attributes in a BGP UPDATE."
},
{
"lang": "es",
"value": "Juniper Junos OS 9.1 hasta 11.4 anterior a 11.4R11, 12.1 anterior a R10, 12.1X44 anterior a D40, 12.1X46 anterior a D30, 12.1X47 anterior a D11 y 12.147-D15, 12.1X48 anterior a D41 y D62, 12.2 anterior a R8, 12.2X50 anterior a D70, 12.3 anterior a R6, 13.1 anterior a R4-S2, 13.1X49 anterior a D49, 13.1X50 anterior a 30, 13.2 anterior a R4, 13.2X50 anterior a D20, 13.2X51 anterior a D25, 13.2X52 anterior a D15, 13.3 anterior a R2, y 14.1 anterior a R1, cuando soporta n\u00fameros AS de 4-bytes y un par BGP no lo hace, permite a atacantes remotos causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda y reinicio del proceso de enrutamiento RDP) a trav\u00e9s de atributos transitivos manipulados en una actualizaci\u00f3n de BGP."
}
],
"id": "CVE-2014-3818",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-10-14T14:55:05.007",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1031009"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10653"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…