First published: Fri Jan 16 2015(Updated: )
The Juniper MX Series routers with Junos 13.3R3 through 13.3Rx before 13.3R6, 14.1 before 14.1R4, 14.1X50 before 14.1X50-D70, and 14.2 before 14.2R2, when configured as a broadband edge (BBE) router, allows remote attackers to cause a denial of service (jpppd crash and restart) by sending a crafted PAP Authenticate-Request after the PPPoE Discovery and LCP phase are complete.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Junos OS Evolved | =13.3-r3 | |
Junos OS Evolved | =13.3-r4 | |
Junos OS Evolved | =13.3-r5 | |
Junos OS Evolved | =14.1 | |
Junos OS Evolved | =14.1-r1 | |
Junos OS Evolved | =14.1-r2 | |
Junos OS Evolved | =14.1-r3 | |
Junos OS Evolved | =14.2 | |
Junos OS Evolved | =14.2-r1 | |
Juniper MX10 | ||
Juniper MX104 | ||
Juniper MX2010 | ||
Juniper MX2020 | ||
Juniper MX240 | ||
Juniper MX40 | ||
Juniper MX480 | ||
Juniper MX80 | ||
Juniper MX960 | ||
Juniper vMX |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2014-6382 is classified as a high severity vulnerability that allows remote attackers to cause a denial of service.
To fix CVE-2014-6382, upgrade your Junos version to 13.3R6, 14.1R4, 14.1X50-D70 or 14.2R2 or later.
The affected devices are Juniper MX Series routers running Junos versions 13.3R3 through 14.2R1.
CVE-2014-6382 enables remote denial of service attacks that can crash and restart the jpppd service.
Yes, CVE-2014-6382 occurs when Juniper MX Series routers are configured as broadband edge (BBE) routers.