CVE-2014-6382 — Improper Input Validation in Juniper Junos

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.1HIGHNVD

EPSS

0.5%

top 35.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Junos Juniper Junos OS Juniper MX Series

Timeline

PublishedJan 16

Latest updateMay 17

Description

The Juniper MX Series routers with Junos 13.3R3 through 13.3Rx before 13.3R6, 14.1 before 14.1R4, 14.1X50 before 14.1X50-D70, and 14.2 before 14.2R2, when configured as a broadband edge (BBE) router, allows remote attackers to cause a denial of service (jpppd crash and restart) by sending a crafted PAP Authenticate-Request after the PPPoE Discovery and LCP phase are complete.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages3 packages

▶NVDjuniper/junos13.3, 14.1, 14.2+2

▶juniperjuniper/junos_os

▶juniperjuniper/mx_series

🔴Vulnerability Details

GHSA

GHSA-wqxr-4f7p-r7mg: The Juniper MX Series routers with Junos 13↗2022-05-17

▶

📋Vendor Advisories

Juniper

CVE-2014-6382: The Juniper MX Series routers with Junos 13.3R3 through 13.3Rx before 13.3R6, 14.1 before 14.1R4, 14.1X50 before 14.1X50-D70, and 14.2 before 14.2R2,↗2015-01-16

▶