CVE-2014-0618 : Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12.1X44-D20, and 12.1X

Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on SRX Series service gateways, when used as a UAC enforcer and captive portal is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted HTTP message.

Published 2014-01-11 04:44:43

Updated 2017-08-29 01:34:13

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Exploit prediction scoring system (EPSS) score for CVE-2014-0618

Probability of exploitation activity in the next 30 days: 1.58%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 86 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-0618

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C	10.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

References for CVE-2014-0618

http://www.securityfocus.com/bid/64769

Juniper Junos CVE-2014-0618 Denial of Service Vulnerability
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10611

Juniper Networks - 2014-01 Security Bulletin: Junos: SRX flowd crash while processing HTTP traffic when acting as UAC enforcer (CVE-2014-0618)
Vendor Advisory
http://www.securitytracker.com/id/1029584

Juniper Junos Branch SRX Series HTTP Processing Flaw Lets Remote Users Deny Service - SecurityTracker
https://exchange.xforce.ibmcloud.com/vulnerabilities/90238

Juniper Junos HTTP denial of service CVE-2014-0618 Vulnerability Report

Products affected by CVE-2014-0618

Juniper » Junos » Version: 10.4
cpe:2.3:o:juniper:junos:10.4:*:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 11.4
cpe:2.3:o:juniper:junos:11.4:*:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 12.1x44
cpe:2.3:o:juniper:junos:12.1x44:*:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 12.1x45
cpe:2.3:o:juniper:junos:12.1x45:*:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 12.1r
cpe:2.3:o:juniper:junos:12.1r:*:*:*:*:*:*:*
Matching versions
Juniper » Srx100 » Version: N/A
cpe:2.3:h:juniper:srx100:-:*:*:*:*:*:*:*
Matching versions
Juniper » Srx110 » Version: N/A
cpe:2.3:h:juniper:srx110:-:*:*:*:*:*:*:*
Matching versions
Juniper » Srx210 » Version: N/A
cpe:2.3:h:juniper:srx210:-:*:*:*:*:*:*:*
Matching versions
Juniper » Srx220 » Version: N/A
cpe:2.3:h:juniper:srx220:-:*:*:*:*:*:*:*
Matching versions
Juniper » Srx240 » Version: N/A
cpe:2.3:h:juniper:srx240:-:*:*:*:*:*:*:*
Matching versions
Juniper » Srx550 » Version: N/A
cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*
Matching versions
Juniper » Srx650 » Version: N/A
cpe:2.3:h:juniper:srx650:-:*:*:*:*:*:*:*
Matching versions
Juniper » Srx1400 » Version: N/A
cpe:2.3:h:juniper:srx1400:-:*:*:*:*:*:*:*
Matching versions
Juniper » Srx3400 » Version: N/A
cpe:2.3:h:juniper:srx3400:-:*:*:*:*:*:*:*
Matching versions
Juniper » Srx3600 » Version: N/A
cpe:2.3:h:juniper:srx3600:-:*:*:*:*:*:*:*
Matching versions
Juniper » Srx5600 » Version: N/A
cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*
Matching versions
Juniper » Srx5800 » Version: N/A
cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2014-0618

Exploit prediction scoring system (EPSS) score for CVE-2014-0618

CVSS scores for CVE-2014-0618

References for CVE-2014-0618

Products affected by CVE-2014-0618