Strix
26.1K

CVE-2014-3818

UnknownEPSS 1.90%

Last modified

CVE-2014-3818 is a vulnerability of currently unknown severity. Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, 12.1X44 before D40, 12.1X46 before D30, 12.1X47 before D11 and 12.147-D15, 12.1X48 before D41 and D62, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S2, 13.1X49 before D49, 13.1X50 before 30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D25, 13.2X52 before D15, 13.3 before R2, and 14.1 before R1, when supporting 4-byte AS numbers and a BGP peer does not, allows remote attackers to cause a denial of service (memory corruption and RDP routing process crash and restart) via crafted transitive attributes in a BGP UPDATE.. EPSS estimates a 1.90% chance of exploitation in the next 30 days.

Description

Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, 12.1X44 before D40, 12.1X46 before D30, 12.1X47 before D11 and 12.147-D15, 12.1X48 before D41 and D62, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S2, 13.1X49 before D49, 13.1X50 before 30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D25, 13.2X52 before D15, 13.3 before R2, and 14.1 before R1, when supporting 4-byte AS numbers and a BGP peer does not, allows remote attackers to cause a denial of service (memory corruption and RDP routing process crash and restart) via crafted transitive attributes in a BGP UPDATE.

Metrics

EPSS Probability
1.90%

76.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
JuniperJunos9.1
JuniperJunos9.2
JuniperJunos9.4
JuniperJunos9.5
JuniperJunos9.6
JuniperJunos10.0
JuniperJunos10.1
JuniperJunos10.2
JuniperJunos10.3
JuniperJunos10.4
JuniperJunos10.4r
JuniperJunos10.4s
JuniperJunos11.0
JuniperJunos11.1
JuniperJunos11.2
JuniperJunos11.3
JuniperJunos11.4
JuniperJunos12.1
JuniperJunos12.1x44
JuniperJunos12.1x46
JuniperJunos12.1x47
JuniperJunos12.1x48
JuniperJunos12.2
JuniperJunos12.2x50
JuniperJunos12.3
JuniperJunos13.1
JuniperJunos13.1x49
JuniperJunos13.1x50
JuniperJunos13.2
JuniperJunos13.2x50
JuniperJunos13.2x51
JuniperJunos13.2x52
JuniperJunos13.3
JuniperJunos14.1

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2014-3818?
Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, 12.1X44 before D40, 12.1X46 before D30, 12.1X47 before D11 and 12.147-D15, 12.1X48 before D41 and D62, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S2, 13.1X49 before D49, 13.1X50 before 30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D25, 13.2X52 before D15, 13.3 before R2, and 14.1 before R1, when supporting 4-byte AS numbers and a BGP peer does not, allows remote attackers to cause a denial of service (memory corruption and RDP routing process crash and restart) via crafted transitive attributes in a BGP UPDATE.
How severe is CVE-2014-3818?
Severity scoring for CVE-2014-3818 is pending analysis. The EPSS model estimates a 1.90% probability of exploitation in the next 30 days.
How do I fix CVE-2014-3818?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-3818?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST