Vulnerabilities > CVE-2014-0618 - Denial of Service vulnerability in Juniper Junos

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

juniper

nessus

NVD

Published: 2014-01-11

Updated: 2017-08-29

Summary

Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on SRX Series service gateways, when used as a UAC enforcer and captive portal is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted HTTP message.

Vulnerable Configurations

Part	Description	Count
OS	Juniper Juniper Junos 10.4 Juniper Junos 11.4 Juniper Junos 12.1R Juniper Junos 12.1X44 Juniper Junos 12.1X45	5
Hardware	Juniper Juniper Srx100 - Juniper Srx110 - Juniper Srx1400 - Juniper Srx210 - Juniper Srx220 - Juniper Srx240 - Juniper Srx3400 - Juniper Srx3600 - Juniper Srx550 - Juniper Srx5600 - Juniper Srx5800 - Juniper Srx650 -	12

Nessus

NASL family	Junos Local Security Checks
NASL id	JUNIPER_JSA10611.NASL
description	According to its self-reported version number, the remote Juniper Junos SRX series device is affected by a denial of service vulnerability in the flow daemon (flowd) when handling certain valid HTTP protocol messages. A remote attacker can exploit this to crash the device. Note that this issue only affects devices configured as a Unified Access Control (UAC) enforcer in a UAC network with Captive Portal authentication enabled.
last seen	2019-10-28
modified	2014-01-16
plugin id	72000
published	2014-01-16
reporter	This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/72000
title	Juniper Junos SRX Series flowd Remote DoS (JSA10611)

Summary

Vulnerable Configurations

Nessus

References