CVE-2014-3825 : The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1X44 before

The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1X44 before 12.1X44-D40, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D25, and 12.1X47 before 12.1X47-D10, when an Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted packet.

Published 2014-10-14 14:55:05

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2014-3825

Juniper » Junos » Version: 11.4
cpe:2.3:o:juniper:junos:11.4:*:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 12.1
cpe:2.3:o:juniper:junos:12.1:*:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 12.1x44
cpe:2.3:o:juniper:junos:12.1x44:*:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 12.1x45
cpe:2.3:o:juniper:junos:12.1x45:*:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 12.1x46
cpe:2.3:o:juniper:junos:12.1x46:*:*:*:*:*:*:*
Matching versions
Juniper » Junos » Version: 12.1x47
cpe:2.3:o:juniper:junos:12.1x47:*:*:*:*:*:*:*
Matching versions
Juniper » Srx100 » Version: N/A
cpe:2.3:h:juniper:srx100:-:*:*:*:*:*:*:*
Matching versions
Juniper » Srx110 » Version: N/A
cpe:2.3:h:juniper:srx110:-:*:*:*:*:*:*:*
Matching versions
Juniper » Srx210 » Version: N/A
cpe:2.3:h:juniper:srx210:-:*:*:*:*:*:*:*
Matching versions
Juniper » Srx220 » Version: N/A
cpe:2.3:h:juniper:srx220:-:*:*:*:*:*:*:*
Matching versions
Juniper » Srx240 » Version: N/A
cpe:2.3:h:juniper:srx240:-:*:*:*:*:*:*:*
Matching versions
Juniper » Srx550 » Version: N/A
cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*
Matching versions
Juniper » Srx650 » Version: N/A
cpe:2.3:h:juniper:srx650:-:*:*:*:*:*:*:*
Matching versions
Juniper » Srx1400 » Version: N/A
cpe:2.3:h:juniper:srx1400:-:*:*:*:*:*:*:*
Matching versions
Juniper » Srx3400 » Version: N/A
cpe:2.3:h:juniper:srx3400:-:*:*:*:*:*:*:*
Matching versions
Juniper » Srx3600 » Version: N/A
cpe:2.3:h:juniper:srx3600:-:*:*:*:*:*:*:*
Matching versions
Juniper » Srx5600 » Version: N/A
cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*
Matching versions
Juniper » Srx5800 » Version: N/A
cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-3825

EPSS FAQ

0.77%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 71 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-3825

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2014-3825

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-3825

http://www.securitytracker.com/id/1031007

Juniper Junos SRX Series flowd Bug Lets Remote Users Deny Service - SecurityTracker
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10650

Juniper Networks - 2014-10 Security Bulletin: Junos: SRX flowd denial of service vulnerability related to ALGs (CVE-2014-3825)
Vendor Advisory

Jump to

Vulnerability Details : CVE-2014-3825

Products affected by CVE-2014-3825

Exploit prediction scoring system (EPSS) score for CVE-2014-3825

CVSS scores for CVE-2014-3825

CWE ids for CVE-2014-3825

References for CVE-2014-3825