6.8

CVE-2014-3825

The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1X44 before 12.1X44-D40, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D25, and 12.1X47 before 12.1X47-D10, when an Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted packet.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JuniperJunos Version11.4
JuniperJunos Version12.1
JuniperJunos Version12.1x44
JuniperJunos Version12.1x45
JuniperJunos Version12.1x46
JuniperJunos Version12.1x47
JuniperSrx100 Version-
JuniperSrx110 Version-
JuniperSrx1400 Version-
JuniperSrx210 Version-
JuniperSrx220 Version-
JuniperSrx240 Version-
JuniperSrx3400 Version-
JuniperSrx3600 Version-
JuniperSrx550 Version-
JuniperSrx5600 Version-
JuniperSrx5800 Version-
JuniperSrx650 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.77% 0.711
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.