CVE-2015-7755

Published: Dec 19, 2015Modified: Apr 21, 2026CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 allows remote attackers to obtain administrative access by entering an unspecified password during a (1) SSH or (2) TELNET session.

Affected (4)

Products: Juniper: Screenos

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Juniper Screenos	Version 6.3.0 r17
Juniper Screenos	Version 6.3.0 r18
Juniper Screenos	Version 6.3.0 r19
Juniper Screenos	Version 6.3.0 r20

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (23)

http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/

Source: cve@mitre.org

Third Party Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713

Source: cve@mitre.org

ExploitVendor Advisory

http://twitter.com/cryptoron/statuses/677900647560253442

Source: cve@mitre.org

Broken Link

http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/

Source: cve@mitre.org

Permissions Required

http://www.kb.cert.org/vuls/id/640184

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/79626

Source: cve@mitre.org

Broken Link

http://www.securitytracker.com/id/1034489

Source: cve@mitre.org

Broken Link

http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/

Source: cve@mitre.org

Third Party Advisory

https://adamcaudill.com/2015/12/17/much-ado-about-juniper/

Source: cve@mitre.org

Third Party Advisory

https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554

Source: cve@mitre.org

Vendor Advisory

https://github.com/hdm/juniper-cve-2015-7755

Source: cve@mitre.org

Third Party Advisory

http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

http://twitter.com/cryptoron/statuses/677900647560253442

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

http://www.kb.cert.org/vuls/id/640184

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/79626

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.securitytracker.com/id/1034489

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://adamcaudill.com/2015/12/17/much-ado-about-juniper/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://github.com/hdm/juniper-cve-2015-7755

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-7755

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.