CVE-2014-6386 — Reachable Assertion in Juniper Junos

CWE-173 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.7%

top 28.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Junos Juniper Junos OS

Timeline

PublishedJan 16

Latest updateMay 17

Description

Juniper Junos 11.4 before 11.4R8, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R9, 12.3R2 before 12.3R2-S3, 12.3 before 12.3R3, 13.1 before 13.1R4, and 13.2 before 13.2R1 allows remote attackers to cause a denial of service (assertion failure and rpd restart) via a crafted BGP FlowSpec prefix.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶NVDjuniper/junos9 versions+8

▶juniperjuniper/junos_os

🔴Vulnerability Details

GHSA

GHSA-fjwp-rw7c-j7xg: Juniper Junos 11↗2022-05-17

▶

📋Vendor Advisories

Juniper

CVE-2014-6386: Juniper Junos 11.4 before 11.4R8, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2↗2015-01-16

▶