CVE-2015-3002
First published: Fri Apr 10 2015(Updated: )
Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, and 12.3X48 before 12.3X48-D10 on SRX series devices does not properly enforce the log-out-on-disconnect feature when configured in the [system port console] stanza, which allows physically proximate attackers to reconnect to the console port and gain administrative access by leveraging access to the device.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper JUNOS | =12.1x44 | |
| Juniper JUNOS | =12.1x44-d10 | |
| Juniper JUNOS | =12.1x44-d15 | |
| Juniper JUNOS | =12.1x44-d20 | |
| Juniper JUNOS | =12.1x44-d25 | |
| Juniper JUNOS | =12.1x44-d30 | |
| Juniper JUNOS | =12.1x44-d35 | |
| Juniper JUNOS | =12.1x44-d40 | |
| Juniper JUNOS | =12.1x44-d45 | |
| Juniper JUNOS | =12.1x45 | |
| Juniper JUNOS | =12.1x45-d10 | |
| Juniper JUNOS | =12.1x45-d15 | |
| Juniper JUNOS | =12.1x45-d20 | |
| Juniper JUNOS | =12.1x45-d30 | |
| Juniper JUNOS | =12.1x46 | |
| Juniper JUNOS | =12.1x46-d10 | |
| Juniper JUNOS | =12.1x46-d15 | |
| Juniper JUNOS | =12.1x46-d20 | |
| Juniper JUNOS | =12.1x46-d25 | |
| Juniper JUNOS | =12.1x47 | |
| Juniper JUNOS | =12.1x47-d10 | |
| Juniper JUNOS | =12.1x48 | |
| Juniper SRX100 | ||
| Juniper SRX110 | ||
| Juniper SRX1400 | ||
| Juniper SRX210 | ||
| Juniper SRX220 | ||
| Juniper SRX240 | ||
| Juniper SRX3400 | ||
| Juniper SRX3600 | ||
| Juniper SRX550 | ||
| juniper srx5600 | ||
| Juniper SRX5800 | ||
| Juniper SRX650 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-3002?
The severity of CVE-2015-3002 is classified as high due to its potential to allow unauthorized access.
How do I fix CVE-2015-3002?
To fix CVE-2015-3002, upgrade your Junos software to a version that is patched for this vulnerability, specifically 12.1X44-D45 or later, 12.1X46-D30 or later, 12.1X47-D15 or later, or 12.3X48-D10 or later.
Which devices are affected by CVE-2015-3002?
CVE-2015-3002 affects Juniper SRX series devices running specific versions of Junos, including 12.1X44, 12.1X46, 12.1X47, and 12.3X48.
What causes CVE-2015-3002?
CVE-2015-3002 is caused by improper enforcement of the log-out-on-disconnect feature in Junos console settings.
Is there a workaround for CVE-2015-3002?
Currently, there are no known workarounds for CVE-2015-3002, and upgrading to a secure version is the recommended action.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/juniper
- canonical/juniper junos
- version/juniper junos/12.1x44
- version/juniper junos/12.1x44-d10
- version/juniper junos/12.1x44-d15
- version/juniper junos/12.1x44-d20
- version/juniper junos/12.1x44-d25
- version/juniper junos/12.1x44-d30
- version/juniper junos/12.1x44-d35
- version/juniper junos/12.1x44-d40
- version/juniper junos/12.1x44-d45
- version/juniper junos/12.1x45
- version/juniper junos/12.1x45-d10
- version/juniper junos/12.1x45-d15
- version/juniper junos/12.1x45-d20
- version/juniper junos/12.1x45-d30
- version/juniper junos/12.1x46
- version/juniper junos/12.1x46-d10
- version/juniper junos/12.1x46-d15
- version/juniper junos/12.1x46-d20
- version/juniper junos/12.1x46-d25
- version/juniper junos/12.1x47
- version/juniper junos/12.1x47-d10
- version/juniper junos/12.1x48
- canonical/juniper srx100
- canonical/juniper srx110
- canonical/juniper srx1400
- canonical/juniper srx210
- canonical/juniper srx220
- canonical/juniper srx240
- canonical/juniper srx3400
- canonical/juniper srx3600
- canonical/juniper srx550
- canonical/juniper srx5600
- canonical/juniper srx5800
- canonical/juniper srx650