| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.5 | $0-$5k | 0.00 |
A vulnerability was found in Juniper Junos (Router Operating System). It has been rated as critical. Affected by this issue is an unknown function of the component Fragmentation Handler. The manipulation with an unknown input leads to a denial of service vulnerability. Using CWE to declare the problem leads to CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. Impacted is availability.
The weakness was published 10/08/2014 with Juniper as JSA10655 as confirmed advisory (Website). The advisory is shared for download at kb.juniper.net. This vulnerability is handled as CVE-2014-6380 since 09/11/2014. The exploitation is known to be easy. The attack may be launched remotely. No form of authentication is required for exploitation. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1499. The advisory points out:
Traffic between the RE and transit interfaces is carried over an internal network between the PFEs and REs. Some REs use em interfaces (usually, em0 and em1) to connect to this network. Receipt of a carefully crafted set of fragmented packets, destined to the router, can cause the em driver to become permanently blocked when trying to formulate a reply. This will cause the RE to be unable to communicate over the private network that connects the FPCs and REs eventually causing all FPCs to go offline and stay offline. Systems with redundant REs will failover, but would then be subject to the same issue. For systems without modular FPCs (for example, MX80), the FPC will reboot and clear the em0 interface output queue. However, additional crafted fragments will cause the issue to reoccur.
The vulnerability scanner Nessus provides a plugin with the ID 78426 , which helps to determine the existence of the flaw in a target environment. It is . The advisory illustrates:
This issue is applicable to IPv4, IPv6, and CLNP fragmentation and reassembly scenarios. Transit traffic does not trigger this issue. Additionally, CLNP is only vulnerable if clns-routing or ESIS is explicitly configured,
Upgrading to version 11.4R11, 12.1R9, 12.1X44-D30, 12.1X45-D20, 12.1X46-D15, 12.1X47-D10, 12.2R8, 12.2X50-D70, 12.3R6, 13.1R4, 13.1X49-D55, 13.1X50-D30, 13.2R4, 13.2X50-D20, 13.2X51-D15, 13.2X52-D15 or 13.3R1 eliminates this vulnerability.Addressing this vulnerability is possible by firewalling Fragmented Traffic. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published immediately after the disclosure of the vulnerability. The advisory contains the following remark:
Today's network infrastructure typically will not have fragmented packets destined for the router's control or management plane. In most cases, it is safe to apply packet filters which will prevent fragmented packets from arriving on the router. Usually, fragmented packets received by a router indicate a problem with the network or a DoS attack against the router. In either case, fragmented packets should be dropped to protect the router's control and management plane.
The vulnerability is also documented in the databases at X-Force (96904) and Tenable (78426). Similar entries are available at 67762, 67761, 67759 and 67758.
Product
Type
Vendor
Name
Version
- 11.4
- 12.1
- 12.1r
- 12.1x44
- 12.1x45
- 12.1x46
- 12.1x47
- 12.2
- 12.2x50
- 12.3
- 13.1
- 13.1x49
- 13.1x50
- 13.2
- 13.2x50
- 13.2x51
- 13.2x52
- 13.3
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.5VulDB Meta Temp Score: 6.5
VulDB Base Score: 7.5
VulDB Temp Score: 6.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Denial of serviceCWE: CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Yes
Availability: 🔍
Status: Unproven
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Nessus ID: 78426
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Port: 🔍
OpenVAS ID: 802738
OpenVAS Name: Junos FPC Denial of Service Vulnerability
OpenVAS File: 🔍
OpenVAS Family: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: Junos 11.4R11/12.1R9/12.1X44-D30/12.1X45-D20/12.1X46-D15/12.1X47-D10/12.2R8/12.2X50-D70/12.3R6/13.1R4/13.1X49-D55/13.1X50-D30/13.2R4/13.2X50-D20/13.2X51-D15/13.2X52-D15/13.3R1
Firewalling: 🔍
Timeline
09/11/2014 🔍10/08/2014 🔍
10/08/2014 🔍
10/09/2014 🔍
10/09/2014 🔍
10/10/2014 🔍
10/14/2014 🔍
10/14/2014 🔍
10/14/2014 🔍
02/21/2022 🔍
Sources
Vendor: juniper.netAdvisory: JSA10655
Organization: Juniper
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2014-6380 (🔍)
IAVM: 🔍
X-Force: 96904 - Juniper Junos traffic denial of service, High Risk
SecurityTracker: 1031011
Vulnerability Center: 46425 - Juniper JunOS Remote DoS via Crafted Fragmented Packets - CVE-2014-6380, High
SecurityFocus: 70369 - Juniper Junos CVE-2014-6380 Denial of Service Vulnerability
See also: 🔍
Entry
Created: 10/10/2014 10:38Updated: 02/21/2022 14:42
Changes: 10/10/2014 10:38 (78), 04/29/2019 07:04 (5), 02/21/2022 14:39 (3), 02/21/2022 14:42 (1)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.