Sign-up

ID

VAR-201404-0433


CVE

CVE-2014-2842


TITLE

Juniper ScreenOS is vulnerable to a denial of service from malformed SSL packets

Trust: 0.8

sources: CERT/CC: VU#480428

DESCRIPTION

Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a denial of service (crash and restart or failover) via a malformed SSL/TLS packet. ScreenOS is prone to a denial-of-service vulnerability. Successful exploits may allow the attacker to cause denial-of-service conditions. ScreenOS 6.3 is vulnerable; other versions may also be affected. Juniper Networks Juniper ScreenOS is an operating system developed by Juniper Networks (Juniper Networks) running on NetScreen series firewalls. A security vulnerability exists in Juniper Networks Juniper ScreenOS 6.3 and earlier

Trust: 2.7

sources: NVD: CVE-2014-2842 // CERT/CC: VU#480428 // JVNDB: JVNDB-2014-002137 // BID: 66802 // VULHUB: VHN-70781

AFFECTED PRODUCTS

vendor:junipermodel:screenosscope:eqversion:6.2.0

Trust: 1.6

vendor:junipermodel:screenosscope:eqversion:6.0.0

Trust: 1.6

vendor:junipermodel:screenosscope:eqversion:5.4.0

Trust: 1.6

vendor:junipermodel:screenosscope:eqversion:6.1.0

Trust: 1.6

vendor:junipermodel:screenosscope:lteversion:6.3.0

Trust: 1.0

vendor:junipermodel: - scope: - version: -

Trust: 0.8

vendor:junipermodel:screenosscope:lteversion:6.3

Trust: 0.8

vendor:junipermodel:screenosscope:eqversion:6.3.0

Trust: 0.6

sources: CERT/CC: VU#480428 // JVNDB: JVNDB-2014-002137 // CNNVD: CNNVD-201404-218 // NVD: CVE-2014-2842

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2842
value: HIGH

Trust: 1.0

NVD: CVE-2014-2842
value: HIGH

Trust: 0.8

IPA: JVNDB-2014-002137
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201404-218
value: HIGH

Trust: 0.6

VULHUB: VHN-70781
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-2842
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2014-2842
severity: HIGH
baseScore: 7.8
vectorString: NONE
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2014-002137
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-70781
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#480428 // VULHUB: VHN-70781 // JVNDB: JVNDB-2014-002137 // CNNVD: CNNVD-201404-218 // NVD: CVE-2014-2842

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-70781 // JVNDB: JVNDB-2014-002137 // NVD: CVE-2014-2842

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-218

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201404-218

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-002137

EXPLOIT AVAILABILITY
sources:
            
            
            CERT/CC: VU#480428

PATCH
title:KB16765 - In which releases are vulnerabilities fixed?url:http://kb.juniper.net/InfoCenter/index?page=content&id=KB16765
Trust: 0.8
title:JSA10624url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10624
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-002137

EXTERNAL IDS
db:NVDid:CVE-2014-2842
Trust: 2.8
db:CERT/CCid:VU#480428
Trust: 2.7
db:SECUNIAid:57910
Trust: 2.5
db:BIDid:66802
Trust: 2.0
db:JUNIPERid:JSA10624
Trust: 1.7
db:SECTRACKid:1030564
Trust: 1.1
db:JVNid:JVNVU96603356
Trust: 0.8
db:JVNDBid:JVNDB-2014-002137
Trust: 0.8
db:CNNVDid:CNNVD-201404-218
Trust: 0.7
db:VULHUBid:VHN-70781
Trust: 0.1
sources:
            
            
            CERT/CC: VU#480428 // 
            
            
            
            VULHUB: VHN-70781 // 
            
            
            
            BID: 66802 // 
            
            
            
            JVNDB: JVNDB-2014-002137 // 
            
            
            
            CNNVD: CNNVD-201404-218 // 
            
            
            
            NVD: CVE-2014-2842

REFERENCES
url:http://secunia.com/advisories/57910
Trust: 3.1
url:http://www.kb.cert.org/vuls/id/480428
Trust: 1.9
url:http://www.securityfocus.com/bid/66802
Trust: 1.7
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10624
Trust: 1.6
url:http://www.securitytracker.com/id/1030564
Trust: 1.1
url:about vulnerability notes
Trust: 0.8
url:contact us about this vulnerability
Trust: 0.8
url:provide a vendor statement
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2842
Trust: 0.8
url:http://jvn.jp/vu/jvnvu96603356
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2842
Trust: 0.8
url:http://www.juniper.net/
Trust: 0.3
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10624
Trust: 0.1
sources:
            
            
            CERT/CC: VU#480428 // 
            
            
            
            VULHUB: VHN-70781 // 
            
            
            
            BID: 66802 // 
            
            
            
            JVNDB: JVNDB-2014-002137 // 
            
            
            
            CNNVD: CNNVD-201404-218 // 
            
            
            
            NVD: CVE-2014-2842

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 66802

SOURCES
db:CERT/CCid:VU#480428
db:VULHUBid:VHN-70781
db:BIDid:66802
db:JVNDBid:JVNDB-2014-002137
db:CNNVDid:CNNVD-201404-218
db:NVDid:CVE-2014-2842

LAST UPDATE DATE
2024-11-23T23:09:23.649000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#480428date:2014-05-16T00:00:00
db:VULHUBid:VHN-70781date:2014-07-18T00:00:00
db:BIDid:66802date:2014-05-19T01:42:00
db:JVNDBid:JVNDB-2014-002137date:2014-04-18T00:00:00
db:CNNVDid:CNNVD-201404-218date:2014-04-17T00:00:00
db:NVDid:CVE-2014-2842date:2024-11-21T02:07:01.967

SOURCES RELEASE DATE
db:CERT/CCid:VU#480428date:2014-05-16T00:00:00
db:VULHUBid:VHN-70781date:2014-04-15T00:00:00
db:BIDid:66802date:2014-04-14T00:00:00
db:JVNDBid:JVNDB-2014-002137date:2014-04-18T00:00:00
db:CNNVDid:CNNVD-201404-218date:2014-04-17T00:00:00
db:NVDid:CVE-2014-2842date:2014-04-15T14:55:05.047