Lucene search
HistoryJan 16, 2015 - 4:59 p.m.
CVE-2014-6383
juniper
junos
stateless firewall
vulnerability
trio-based pfe
cve-2014-6383
nvd
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
6.9 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
67.8%
The stateless firewall in Juniper Junos 13.3R3, 14.1R1, and 14.1R2, when using Trio-based PFE modules, does not properly match ports, which might allow remote attackers to bypass firewall rule.
Affected configurations
Node
juniperjunosMatch13.3r3
ORjuniperjunosMatch14.1r1
ORjuniperjunosMatch14.2r2
| CPE | Name | Operator | Version |
|---|---|---|---|
| juniper:junos | juniper junos | eq | 13.3 |
| juniper:junos | juniper junos | eq | 14.1 |
| juniper:junos | juniper junos | eq | 14.2 |
Related
cvelist
cvelist
CVE-2014-6383
2015-01-16 16:00:00
nvd
nvd
CVE-2014-6383
2015-01-16 16:59:04
openvas
openvas
Juniper Networks Junos OS Firewall Bypass Vulnerability
2015-01-23 00:00:00
prion
prion
Design/Logic Flaw
2015-01-16 16:59:00
nessus
nessus
Juniper Junos MX Series Trio-based PFE Modules Security Bypass (JSA10666)
2015-01-23 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
6.9 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
67.8%
Related for CVE-2014-6383