PT-2015-3851 · Juniper Networks · Mx Series+1
Published
2015-01-16
·
Updated
2015-02-04
·
CVE-2014-6382
CVSS v2.0
7.1
High
| Vector | AV:N/AC:M/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Juniper MX Series routers with Junos versions 13.3R3 through 13.3Rx before 13.3R6
Juniper MX Series routers with Junos versions 14.1 before 14.1R4
Juniper MX Series routers with Junos versions 14.1X50 before 14.1X50-D70
Juniper MX Series routers with Junos versions 14.2 before 14.2R2
Description
The issue allows remote attackers to cause a denial of service by sending a crafted PAP Authenticate-Request after the PPPoE Discovery and LCP phase are complete, resulting in a jpppd crash and restart.
Recommendations
For Juniper MX Series routers with Junos versions 13.3R3 through 13.3Rx before 13.3R6, update to version 13.3R6 or later.
For Juniper MX Series routers with Junos versions 14.1 before 14.1R4, update to version 14.1R4 or later.
For Juniper MX Series routers with Junos versions 14.1X50 before 14.1X50-D70, update to version 14.1X50-D70 or later.
For Juniper MX Series routers with Junos versions 14.2 before 14.2R2, update to version 14.2R2 or later.
Fix
DoS
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Junos
Mx Series