CVE-2014-6377 — Juniper Junos E vulnerability

CWE-3993 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.7%

top 27.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Junos E Juniper Junos OS

Timeline

PublishedOct 14

Latest updateMay 17

Description

Juniper JunosE before 13.3.3p0-1, 14.x before 14.3.2, and 15.x before 15.1.0, when DEBUG severity icmpTraffic logging is enabled, allows remote attackers to cause a denial of service (SRP reset) via a crafted ICMP packet to the (1) interface or (2) loopback IP address, which triggers a processor exception in ip_RxData_8.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶NVDjuniper/junos_e13.3.2+4

▶juniperjuniper/junos_os

🔴Vulnerability Details

GHSA

GHSA-q637-wc99-vp9x: Juniper JunosE before 13↗2022-05-17

▶

📋Vendor Advisories

Juniper

CVE-2014-6377: Juniper JunosE before 13.3.3p0-1, 14.x before 14.3.2, and 15.x before 15.1.0, when DEBUG severity icmpTraffic logging is enabled, allows remote attack↗2014-10-14

▶