CVE-2015-3007

Published: Jul 14, 2015Modified: May 6, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the "set system ports console insecure" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port.

Affected (12)

Products: Juniper: Junos

Juniper

1 product

Junos

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 12.1x46
Juniper Junos	Version 12.1x46 d10
Juniper Junos	Version 12.1x46 d15
Juniper Junos	Version 12.1x46 d20
Juniper Junos	Version 12.1x46 d25
Juniper Junos	Version 12.1x46 d30
Juniper Junos	Version 12.1x47
Juniper Junos	Version 12.1x47 d10
Juniper Junos	Version 12.1x47 d20
Juniper Junos	Version 12.3x48
Juniper Junos	Version 12.3x48 d10
Juniper Junos	Version 12.3x48 d5

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10683

Source: cve@mitre.org

Vendor Advisory

http://www.securitytracker.com/id/1032841

Source: cve@mitre.org

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10683

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1032841

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.