Details of VAR-201405-0180

ID

VAR-201405-0180

CVE

CVE-2014-3411

TITLE

NSM of NSM XDB Vulnerability in arbitrary code execution in a service

Trust: 0.8

sources: JVNDB: JVNDB-2014-002564

DESCRIPTION

Unspecified vulnerability in the NSM XDB service in Juniper NSM before 2012.2R8 allows remote attackers to execute arbitrary code via unspecified vectors. Authentication is not required to exploit this vulnerability.The specific flaw exists within the XDB service. The issue lies in the ability to connect to the service with a remote debugger. An attacker can leverage this vulnerability to execute code under the context of the Java service, which can then be used in conjunction with a privilege escalation vulnerability to gain root privileges

Trust: 2.61

sources: NVD: CVE-2014-3411 // JVNDB: JVNDB-2014-002564 // ZDI: ZDI-14-297 // BID: 67445 // VULHUB: VHN-71351

AFFECTED PRODUCTS

vendor:	juniper	model:	network and security manager software	scope:	eq	version:	2012.2	Trust: 1.6
vendor:	juniper	model:	nsmexpress	scope:	eq	version:	-	Trust: 1.0
vendor:	juniper	model:	nsm3000	scope:	eq	version:	-	Trust: 1.0
vendor:	juniper	model:	network and security manager software	scope:	lte	version:	2012.2	Trust: 1.0
vendor:	juniper	model:	nsm	scope:	lt	version:	2012.2r8	Trust: 0.8
vendor:	juniper	model:	network and security manager	scope:	-	version:	-	Trust: 0.7

sources: ZDI: ZDI-14-297 // JVNDB: JVNDB-2014-002564 // CNNVD: CNNVD-201405-316 // NVD: CVE-2014-3411

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3411
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-3411
value:	HIGH
Trust: 0.8
ZDI:	CVE-2014-3411
value:	HIGH
Trust: 0.7
CNNVD:	CNNVD-201405-316
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-71351
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-3411
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 2.5
VULHUB:	VHN-71351
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: ZDI: ZDI-14-297 // VULHUB: VHN-71351 // JVNDB: JVNDB-2014-002564 // CNNVD: CNNVD-201405-316 // NVD: CVE-2014-3411

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2014-3411

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-316

TYPE

Design Error

Trust: 0.3

sources: BID: 67445

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002564

PATCH

title:	JSA10625	url:	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10625	Trust: 0.8
title:	Juniper has issued an update to correct this vulnerability.	url:	http://kb.juniper.net/JSA10625	Trust: 0.7

sources: ZDI: ZDI-14-297 // JVNDB: JVNDB-2014-002564

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3411	Trust: 3.5
db:	JUNIPER	id:	JSA10625	Trust: 2.0
db:	SECUNIA	id:	58684	Trust: 1.7
db:	BID	id:	67445	Trust: 1.4
db:	SECTRACK	id:	1030253	Trust: 1.1
db:	ZDI	id:	ZDI-14-297	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-002564	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-2151	Trust: 0.7
db:	CNNVD	id:	CNNVD-201405-316	Trust: 0.7
db:	VULHUB	id:	VHN-71351	Trust: 0.1

sources: ZDI: ZDI-14-297 // VULHUB: VHN-71351 // BID: 67445 // JVNDB: JVNDB-2014-002564 // CNNVD: CNNVD-201405-316 // NVD: CVE-2014-3411

REFERENCES

url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10625	Trust: 1.9
url:	http://secunia.com/advisories/58684	Trust: 1.7
url:	http://www.securityfocus.com/bid/67445	Trust: 1.1
url:	http://www.securitytracker.com/id/1030253	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3411	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3411	Trust: 0.8
url:	http://kb.juniper.net/jsa10625	Trust: 0.7
url:	http://www.juniper.net/us/en/products-services/security/nsm/	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-14-297/	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10625	Trust: 0.1

sources: ZDI: ZDI-14-297 // VULHUB: VHN-71351 // BID: 67445 // JVNDB: JVNDB-2014-002564 // CNNVD: CNNVD-201405-316 // NVD: CVE-2014-3411

CREDITS

Anonymous

Trust: 0.7

sources: ZDI: ZDI-14-297

SOURCES

db:	ZDI	id:	ZDI-14-297
db:	VULHUB	id:	VHN-71351
db:	BID	id:	67445
db:	JVNDB	id:	JVNDB-2014-002564
db:	CNNVD	id:	CNNVD-201405-316
db:	NVD	id:	CVE-2014-3411

LAST UPDATE DATE

2024-11-23T22:35:15.896000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-14-297	date:	2014-08-27T00:00:00
db:	VULHUB	id:	VHN-71351	date:	2017-01-07T00:00:00
db:	BID	id:	67445	date:	2015-03-19T09:37:00
db:	JVNDB	id:	JVNDB-2014-002564	date:	2014-05-21T00:00:00
db:	CNNVD	id:	CNNVD-201405-316	date:	2014-05-23T00:00:00
db:	NVD	id:	CVE-2014-3411	date:	2024-11-21T02:08:02.087

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-14-297	date:	2014-08-27T00:00:00
db:	VULHUB	id:	VHN-71351	date:	2014-05-19T00:00:00
db:	BID	id:	67445	date:	2014-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2014-002564	date:	2014-05-21T00:00:00
db:	CNNVD	id:	CNNVD-201405-316	date:	2014-05-22T00:00:00
db:	NVD	id:	CVE-2014-3411	date:	2014-05-19T14:55:12.047