Sign-up

ID

VAR-201410-1108


CVE

CVE-2014-3825


TITLE

Junos of Juniper SRX Service operation interruption in series drivers (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-004847

DESCRIPTION

The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1X44 before 12.1X44-D40, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D25, and 12.1X47 before 12.1X47-D10, when an Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted packet. Juniper Junos is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to crash, denying service to legitimate users. Note: This issue affects on SRX series devices. Juniper Networks SRX Series devices with Junos are SRX series devices of Juniper Networks (Juniper Networks) running the Junos operating system. The following versions are affected: Juniper Networks Juniper SRX Series devices with Junos 11.4R12-S4 prior to 11.4, 12.1X44 prior to 12.1X44-D40, 12.1X45 prior to 12.1X45-D30, 12.1X46 prior to 12.1X46-D25, 12.1X47 -D10 before 12.1X47 version

Trust: 1.98

sources: NVD: CVE-2014-3825 // JVNDB: JVNDB-2014-004847 // BID: 70366 // VULHUB: VHN-71765

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:12.1x47

Trust: 1.9

vendor:junipermodel:junosscope:eqversion:12.1x46

Trust: 1.9

vendor:junipermodel:junosscope:eqversion:12.1x45

Trust: 1.9

vendor:junipermodel:junosscope:eqversion:12.1x44

Trust: 1.9

vendor:junipermodel:junosscope:eqversion:12.1

Trust: 1.6

vendor:junipermodel:junosscope:eqversion:11.4

Trust: 1.6

vendor:junipermodel:srx3600scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx100scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx240scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx550scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx210scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx110scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx1400scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx3400scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx650scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx220scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx5800scope:eqversion: -

Trust: 1.0

vendor:junipermodel:srx5600scope:eqversion: -

Trust: 1.0

vendor:junipermodel:junos osscope:ltversion:12.1x44

Trust: 0.8

vendor:junipermodel:srx3400scope: - version: -

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:11.4

Trust: 0.8

vendor:junipermodel:srx210scope: - version: -

Trust: 0.8

vendor:junipermodel:srx650scope: - version: -

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:11.4r12-s4

Trust: 0.8

vendor:junipermodel:srx550scope: - version: -

Trust: 0.8

vendor:junipermodel:srx5800scope: - version: -

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.1x44-d40

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.1x45

Trust: 0.8

vendor:junipermodel:srx100scope: - version: -

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.1x47-d11

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.1x46

Trust: 0.8

vendor:junipermodel:srx220scope: - version: -

Trust: 0.8

vendor:junipermodel:srx5600scope: - version: -

Trust: 0.8

vendor:junipermodel:srx5400scope: - version: -

Trust: 0.8

vendor:junipermodel:srx110scope: - version: -

Trust: 0.8

vendor:junipermodel:junos osscope:ltversion:12.1x47

Trust: 0.8

vendor:junipermodel:srx240scope: - version: -

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.1x46-d25

Trust: 0.8

vendor:junipermodel:srx1400scope: - version: -

Trust: 0.8

vendor:junipermodel:junos osscope:eqversion:12.1x45-d30

Trust: 0.8

vendor:junipermodel:srx3600scope: - version: -

Trust: 0.8

vendor:junipermodel:junos 12.1x46-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x45-d25scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x45-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x45-d10scope: - version: -

Trust: 0.3

vendor:junipermodel:junos d15scope:eqversion:12.1x45-

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d35scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d34scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d32scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d30.4scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d30scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d26scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d20.3scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d20scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 11.4r12scope: - version: -

Trust: 0.3

vendor:junipermodel:junos 12.1x47-d10scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.1x46-d25scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.1x45-d30scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 12.1x44-d40scope:neversion: -

Trust: 0.3

vendor:junipermodel:junos 11.4r12-s4scope:neversion: -

Trust: 0.3

sources: BID: 70366 // JVNDB: JVNDB-2014-004847 // CNNVD: CNNVD-201410-259 // NVD: CVE-2014-3825

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3825
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3825
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201410-259
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71765
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3825
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71765
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-71765 // JVNDB: JVNDB-2014-004847 // CNNVD: CNNVD-201410-259 // NVD: CVE-2014-3825

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-71765 // JVNDB: JVNDB-2014-004847 // NVD: CVE-2014-3825

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-259

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201410-259

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-004847

PATCH
title:JSA10650url:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10650
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-004847

EXTERNAL IDS
db:NVDid:CVE-2014-3825
Trust: 2.8
db:JUNIPERid:JSA10650
Trust: 2.0
db:SECTRACKid:1031007
Trust: 1.1
db:JVNDBid:JVNDB-2014-004847
Trust: 0.8
db:CNNVDid:CNNVD-201410-259
Trust: 0.7
db:BIDid:70366
Trust: 0.4
db:VULHUBid:VHN-71765
Trust: 0.1
sources:
            
            
            VULHUB: VHN-71765 // 
            
            
            
            BID: 70366 // 
            
            
            
            JVNDB: JVNDB-2014-004847 // 
            
            
            
            CNNVD: CNNVD-201410-259 // 
            
            
            
            NVD: CVE-2014-3825

REFERENCES
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10650
Trust: 1.6
url:http://www.securitytracker.com/id/1031007
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3825
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3825
Trust: 0.8
url:http://www.juniper.net/
Trust: 0.3
url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10650&cat=sirt_1&actp=list
Trust: 0.3
url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10650
Trust: 0.1
sources:
            
            
            VULHUB: VHN-71765 // 
            
            
            
            BID: 70366 // 
            
            
            
            JVNDB: JVNDB-2014-004847 // 
            
            
            
            CNNVD: CNNVD-201410-259 // 
            
            
            
            NVD: CVE-2014-3825

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 70366

SOURCES
db:VULHUBid:VHN-71765
db:BIDid:70366
db:JVNDBid:JVNDB-2014-004847
db:CNNVDid:CNNVD-201410-259
db:NVDid:CVE-2014-3825

LAST UPDATE DATE
2024-11-23T22:46:00.783000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-71765date:2015-11-05T00:00:00
db:BIDid:70366date:2014-10-08T00:00:00
db:JVNDBid:JVNDB-2014-004847date:2015-12-02T00:00:00
db:CNNVDid:CNNVD-201410-259date:2014-10-16T00:00:00
db:NVDid:CVE-2014-3825date:2024-11-21T02:08:55.970

SOURCES RELEASE DATE
db:VULHUBid:VHN-71765date:2014-10-14T00:00:00
db:BIDid:70366date:2014-10-08T00:00:00
db:JVNDBid:JVNDB-2014-004847date:2014-10-20T00:00:00
db:CNNVDid:CNNVD-201410-259date:2014-10-15T00:00:00
db:NVDid:CVE-2014-3825date:2014-10-14T14:55:05.070