Vulnerabilities > CVE-2014-0618 - Denial of Service vulnerability in Juniper Junos
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on SRX Series service gateways, when used as a UAC enforcer and captive portal is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted HTTP message.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 5 | |
Hardware | 12 |
Nessus
NASL family | Junos Local Security Checks |
NASL id | JUNIPER_JSA10611.NASL |
description | According to its self-reported version number, the remote Juniper Junos SRX series device is affected by a denial of service vulnerability in the flow daemon (flowd) when handling certain valid HTTP protocol messages. A remote attacker can exploit this to crash the device. Note that this issue only affects devices configured as a Unified Access Control (UAC) enforcer in a UAC network with Captive Portal authentication enabled. |
last seen | 2019-10-28 |
modified | 2014-01-16 |
plugin id | 72000 |
published | 2014-01-16 |
reporter | This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/72000 |
title | Juniper Junos SRX Series flowd Remote DoS (JSA10611) |