CVE-2014-3818
CVSS V2 High 7.8
CVSS V3 None
Description
Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, 12.1X44 before D40, 12.1X46 before D30, 12.1X47 before D11 and 12.147-D15, 12.1X48 before D41 and D62, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S2, 13.1X49 before D49, 13.1X50 before 30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D25, 13.2X52 before D15, 13.3 before R2, and 14.1 before R1, when supporting 4-byte AS numbers and a BGP peer does not, allows remote attackers to cause a denial of service (memory corruption and RDP routing process crash and restart) via crafted transitive attributes in a BGP UPDATE.
Overview
- CVE ID
- CVE-2014-3818
- Assigner
- cve@mitre.org
- Vulnerability Status
- Analyzed
- Published Version
- 2014-10-14T14:55:05
- Last Modified Date
- 2015-11-05T16:21:37
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:o:juniper:junos:9.1:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:9.2:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:9.4:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:9.5:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:9.6:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:10.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:10.1:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:10.2:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:10.3:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:10.4:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:10.4r:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:10.4s:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:11.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:11.1:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:11.2:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:11.3:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:11.4:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:12.1:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:12.1x44:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:12.1x46:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:12.1x47:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:12.1x48:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:12.2:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:12.2x50:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:12.3:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:13.1:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:13.1x49:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:13.1x50:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:13.2:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:13.2x50:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:13.2x51:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:13.2x52:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:13.3:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:juniper:junos:14.1:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:N/C:N/I:N/A:C
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- NONE
- Integrity Impact
- NONE
- Availability Impact
- COMPLETE
- Base Score
- 7.8
- Severity
- HIGH
- Exploitability Score
- 10
- Impact Score
- 6.9
References
| Reference URL | Reference Tags |
|---|---|
| https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10653 | Vendor Advisory |
| http://www.securitytracker.com/id/1031009 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2014-3818 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3818 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 10:19:17 | Added to TrackCVE | |||
| 2022-12-02 01:23:57 | 2014-10-14T14:55Z | 2014-10-14T14:55:05 | CVE Published Date | updated |
| 2022-12-02 01:23:57 | 2015-11-05T16:21:37 | CVE Modified Date | updated | |
| 2022-12-02 01:23:57 | Analyzed | Vulnerability Status | updated |