Critical Vulnerability Information Vulnerability Details CVE Number: CVE-2014-3819 Vulnerability Title: Junos: rpd core upon receipt of invalid PIM packet Advisory Number: JSA10637 Creation Date: 2014-07-01 Update Date: 2014-07-15 Affected Products Any product or platform running Junos OS with PIM enabled and configured for Auto-RP may be affected. Issue Description Receiving malformed PIM packets may cause the RPD routing process to crash and restart. All PIM routers configured to use Auto-RP for automatic group-to-RP mapping are affected. If Auto-RP is not used in the network, there is no impact. No malicious exploitation of this vulnerability has been observed to date. Solution The following versions have been updated to address this specific issue: Junos OS 11.4R12, 12.1R10, 12.1X44-D35, 12.1X45-D25, 12.1X46-D20, 12.1X47-D10, 12.2R8, 12.3R7, 13.1R4, 13.2R4, 13.3R2, 14.1R1, and all subsequent builds (i.e., all builds after 14.1R1). Workarounds No known workarounds exist for this issue. Severity Assessment Severity Level: High CVSS Score: 5.7 (AV:N/AC:L/Au:N/C:N/I:N/A:C) Related Information Juniper Networks SIRT Monthly Security Bulletin Publication Process In Which Versions Is the Vulnerability Fixed? Common Vulnerability Scoring System (CVSS) and Juniper Security Advisories Reporting Vulnerabilities - How to Contact Juniper Network Security Incident Response Team CVE-2014-3819: rpd Core Crash Upon Receipt of Invalid PIM Packet Acknowledgments Relevant researchers and contributors