Details of VAR-201401-0345

ID

VAR-201401-0345

CVE

CVE-2014-0613

TITLE

Juniper Junos XNM Command Processor Denial of Service Vulnerability

Trust: 0.9

sources: BID: 64998 // CNNVD: CNNVD-201401-216

DESCRIPTION

The XNM command processor in Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2-S2, and 13.3 before 13.3R1, when xnm-ssl or xnm-clear-text is enabled, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. Juniper Junos is prone to a remote denial-of-service vulnerability. Successful exploits may allow the attacker to consume excessive amounts of memory, resulting in a denial-of-service condition. Juniper Networks Juniper Junos is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware system. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in the XNM command processor in Juniper Junos. The following versions are affected: Juniper Junos 10.4 prior to 10.4R16, 11.4 prior to 11.4R10, 12.1R prior to 12.1R8-S2, 12.1X44 prior to 12.1X44-D30, 12.1X45 prior to 12.1X45-D20 , 12.1X46 version before 12.1X46-D10, 12.2 version before 12.2R7, 12.3 version before 12.3R5, 13.1 version before 13.1R3-S1, 13.2 version before 13.2R2-S2, 13.3 version before 13.3R1

Trust: 1.98

sources: NVD: CVE-2014-0613 // JVNDB: JVNDB-2014-001064 // BID: 64998 // VULHUB: VHN-68106

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	13.2	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	13.1	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	12.3	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	12.2	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x46	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x45	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	12.1x44	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	10.4	Trust: 1.9
vendor:	juniper	model:	junos	scope:	eq	version:	13.3	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	12.1r	Trust: 1.6
vendor:	juniper	model:	junos	scope:	eq	version:	11.4	Trust: 1.3
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1r8-s2	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x44	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	10.4	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1x44-d30	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	11.4	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.2r7	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.3	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	13.3r1	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	13.3	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	10.4r16	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	13.2	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1x45-d20	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	13.1	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x45	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1x46	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.2	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.1x46-d10	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	11.4r10	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	lt	version:	12.1r	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	12.3r5	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	13.2r2-s2	Trust: 0.8
vendor:	juniper	model:	junos os	scope:	eq	version:	13.1r3-s1	Trust: 0.8
vendor:	juniper	model:	junos 12.1r	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.3r1	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2r2-s2	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.1r3-s1	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.3r5	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.2r7	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x46-d10	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x45-d20	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1x44-d30	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.1r8-s2	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 11.4r10	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 10.4r16	scope:	ne	version:	-	Trust: 0.3

sources: BID: 64998 // JVNDB: JVNDB-2014-001064 // CNNVD: CNNVD-201401-216 // NVD: CVE-2014-0613

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0613
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-0613
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201401-216
value:	HIGH
Trust: 0.6
VULHUB:	VHN-68106
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-0613
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68106
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68106 // JVNDB: JVNDB-2014-001064 // CNNVD: CNNVD-201401-216 // NVD: CVE-2014-0613

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2014-0613

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-216

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201401-216

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001064

PATCH

title:

JSA10607

url:

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10607

Trust: 0.8

sources: JVNDB: JVNDB-2014-001064

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0613	Trust: 2.8
db:	JUNIPER	id:	JSA10607	Trust: 2.0
db:	OSVDB	id:	101861	Trust: 1.7
db:	SECTRACK	id:	1029586	Trust: 1.7
db:	JVNDB	id:	JVNDB-2014-001064	Trust: 0.8
db:	CNNVD	id:	CNNVD-201401-216	Trust: 0.7
db:	BID	id:	64998	Trust: 0.4
db:	VULHUB	id:	VHN-68106	Trust: 0.1

sources: VULHUB: VHN-68106 // BID: 64998 // JVNDB: JVNDB-2014-001064 // CNNVD: CNNVD-201401-216 // NVD: CVE-2014-0613

REFERENCES

url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10607	Trust: 1.9
url:	http://osvdb.org/101861	Trust: 1.7
url:	http://www.securitytracker.com/id/1029586	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0613	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0613	Trust: 0.8
url:	http://www.juniper.net/	Trust: 0.3
url:	http://www.juniper.net/us/en/products-services/nos/junos/	Trust: 0.3
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10607	Trust: 0.1

sources: VULHUB: VHN-68106 // BID: 64998 // JVNDB: JVNDB-2014-001064 // CNNVD: CNNVD-201401-216 // NVD: CVE-2014-0613

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 64998

SOURCES

db:	VULHUB	id:	VHN-68106
db:	BID	id:	64998
db:	JVNDB	id:	JVNDB-2014-001064
db:	CNNVD	id:	CNNVD-201401-216
db:	NVD	id:	CVE-2014-0613

LAST UPDATE DATE

2025-04-11T23:04:02.170000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68106	date:	2014-01-15T00:00:00
db:	BID	id:	64998	date:	2014-01-15T00:00:00
db:	JVNDB	id:	JVNDB-2014-001064	date:	2014-01-16T00:00:00
db:	CNNVD	id:	CNNVD-201401-216	date:	2014-01-16T00:00:00
db:	NVD	id:	CVE-2014-0613	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68106	date:	2014-01-15T00:00:00
db:	BID	id:	64998	date:	2014-01-15T00:00:00
db:	JVNDB	id:	JVNDB-2014-001064	date:	2014-01-16T00:00:00
db:	CNNVD	id:	CNNVD-201401-216	date:	2014-01-16T00:00:00
db:	NVD	id:	CVE-2014-0613	date:	2014-01-15T16:08:04.157