Vulnerability Name:

CVE-2014-3411 (CCN-93197)

Assigned:2014-05-19
Published:2014-05-19
Updated:2017-01-07
Summary:Unspecified vulnerability in the NSM XDB service in Juniper NSM before 2012.2R8 allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2014-3411

Source: CCN
Type: JSA10625
NSM: Remote code execution vulnerability (CVE-2014-3411)

Source: SECUNIA
Type: Vendor Advisory
58684

Source: CCN
Type: OSVDB ID: 106938
Juniper NSM XDB Service Unspecified Remote Code Execution

Source: BID
Type: UNKNOWN
67445

Source: CCN
Type: BID-67445
Juniper Network and Security Manager CVE-2014-3411 Remote Code Execution Vulnerability

Source: SECTRACK
Type: UNKNOWN
1030253

Source: XF
Type: UNKNOWN
juniper-nsm-cve20143411-code-exec(93197)

Source: CONFIRM
Type: Vendor Advisory
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10625

Source: CCN
Type: ZDI-14-297
Juniper Network and Security Manager XDB Remote Code Execution Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/a:juniper:network_and_security_manager_software:2012.2:-:*:*:*:*:*:*
  • OR cpe:/a:juniper:network_and_security_manager_software:2012.2:r1:*:*:*:*:*:*
  • OR cpe:/a:juniper:network_and_security_manager_software:2012.2:r2:*:*:*:*:*:*
  • OR cpe:/a:juniper:network_and_security_manager_software:2012.2:r3:*:*:*:*:*:*
  • OR cpe:/a:juniper:network_and_security_manager_software:2012.2:r4:*:*:*:*:*:*
  • OR cpe:/a:juniper:network_and_security_manager_software:2012.2:r5:*:*:*:*:*:*
  • OR cpe:/a:juniper:network_and_security_manager_software:2012.2:r6:*:*:*:*:*:*
  • OR cpe:/a:juniper:network_and_security_manager_software:*:r7:*:*:*:*:*:* (Version <= 2012.2)
  • AND
  • cpe:/h:juniper:nsm3000:-:*:*:*:*:*:*:*
  • OR cpe:/h:juniper:nsmexpress:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    juniper network and security manager software 2012.2 -
    juniper network and security manager software 2012.2 r1
    juniper network and security manager software 2012.2 r2
    juniper network and security manager software 2012.2 r3
    juniper network and security manager software 2012.2 r4
    juniper network and security manager software 2012.2 r5
    juniper network and security manager software 2012.2 r6
    juniper network and security manager software * r7
    juniper nsm3000 -
    juniper nsmexpress -