Vulnerability Details : CVE-2014-6377
Juniper JunosE before 13.3.3p0-1, 14.x before 14.3.2, and 15.x before 15.1.0, when DEBUG severity icmpTraffic logging is enabled, allows remote attackers to cause a denial of service (SRP reset) via a crafted ICMP packet to the (1) interface or (2) loopback IP address, which triggers a processor exception in ip_RxData_8.
Vulnerability category: Denial of service
Products affected by CVE-2014-6377
- cpe:2.3:o:juniper:junos_e:*:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos_e:14.3.1:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos_e:14.3.0:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos_e:13.3.1:*:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos_e:13.3.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-6377
0.87%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 80 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-6377
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST |
CWE ids for CVE-2014-6377
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-6377
-
http://www.securityfocus.com/bid/70368
Juniper JunosE CVE-2014-6377 ICMP Packet Handling Denial of Service Vulnerability
-
http://www.securitytracker.com/id/1031006
Juniper JunosE ICMP Processing Error Lets Remote Users Deny Service - SecurityTracker
-
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10651
Juniper Networks - 2014-10 Security Bulletin: JunosE: SRP Reset upon receipt of a malformed ICMP packet when icmpTraffic logging is enabled (CVE-2014-6377)Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/96907
Juniper JunosE ICMP denial of service CVE-2014-6377 Vulnerability Report
Jump to