CVE-2015-3002
6.9
Vector
AV:L/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 3.4 / Impact: 10.0
Source: NVD
Description
Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, and 12.3X48 before 12.3X48-D10 on SRX series devices does not properly enforce the log-out-on-disconnect feature when configured in the [system port console] stanza, which allows physically proximate attackers to reconnect to the console port and gain administrative access by leveraging access to the device.
Affected (22)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 12.1x44 |
| Running on/with | Platform Versions |
|---|---|
Juniper Srx100 | All versions |
Juniper Srx110 | All versions |
Juniper Srx1400 | All versions |
Juniper Srx210 | All versions |
Juniper Srx220 | All versions |
Juniper Srx240 | All versions |
Juniper Srx3400 | All versions |
Juniper Srx3600 | All versions |
Juniper Srx550 | All versions |
Juniper Srx5600 | All versions |
Juniper Srx5800 | All versions |
Juniper Srx650 | All versions |
Related CWEs
References (6)
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.