CVE-2014-6382

Published: Jan 16, 2015Modified: May 6, 2026

7.1

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability: 8.6 / Impact: 6.9

Source: NVD

Description

The Juniper MX Series routers with Junos 13.3R3 through 13.3Rx before 13.3R6, 14.1 before 14.1R4, 14.1X50 before 14.1X50-D70, and 14.2 before 14.2R2, when configured as a broadband edge (BBE) router, allows remote attackers to cause a denial of service (jpppd crash and restart) by sending a crafted PAP Authenticate-Request after the PPPoE Discovery and LCP phase are complete.

Affected (9)

Products: Juniper: Junos

Juniper

1 product

Junos

Configuration A

9 vulnerable · 10 platform

Vulnerable Software	Affected Versions
Juniper Junos	Version 13.3 r3
Juniper Junos	Version 13.3 r4
Juniper Junos	Version 13.3 r5
Juniper Junos	Version 14.1
Juniper Junos	Version 14.1 r1
Juniper Junos	Version 14.1 r2
Juniper Junos	Version 14.1 r3
Juniper Junos	Version 14.2
Juniper Junos	Version 14.2 r1

Running on/with	Platform Versions
Juniper Mx10	All versions
Juniper Mx104	All versions
Juniper Mx2010	All versions
Juniper Mx2020	All versions
Juniper Mx240	All versions
Juniper Mx40	All versions
Juniper Mx480	All versions
Juniper Mx80	All versions
Juniper Mx960	All versions
Juniper Vmx	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://www.securityfocus.com/bid/72070

Source: cve@mitre.org

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10665

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/72070

Source: af854a3a-2127-422b-91ae-364da2661108

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10665

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.