CVE-2015-3006: Junos: QFX Series: Insufficient entropy on QFX3500 and QFX3600 platforms when the system boots up
First published: Fri Feb 28 2020(Updated: )
On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has been up and running for some time, but immediately after boot, the entropy is very low. This issue only affects the QFX3500 and QFX3600 switches. No other Juniper Networks products or platforms are affected by this weak entropy vulnerability.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper JUNOS | =12.2x50-d10 | |
| Juniper JUNOS | =12.2x50-d20 | |
| Juniper JUNOS | =12.2x50-d41.1 | |
| Juniper JUNOS | =12.2x50-d42.1 | |
| Juniper JUNOS | =12.2x50-d56.1 | |
| Juniper JUNOS | =13.1x50-d10 | |
| Juniper JUNOS | =13.1x50-d25 | |
| Juniper JUNOS | =13.2x51-d15 | |
| Juniper JUNOS | =13.2x51-d20 | |
| Juniper JUNOS | =13.2x51-d20.2 | |
| Juniper JUNOS | =13.2x51-d21 | |
| Juniper JUNOS | =13.2x52-d10 | |
| Juniper JUNOS | =13.2x52-d5 | |
| Juniper JUNOS | =14.1x53 | |
| Juniper Qfx3500 | ||
| Juniper Qfx3600 |
Remedy
The following software releases have been updated to resolve this specific issue: Junos OS 12.2X50-D70 13.1X50-D30 13.2X51-D25 13.2X51-D30 13.2X52-D15 14.1X53-D10, and all subsequent releases. It is recommended to regenerate SSH keys or self signed certificates.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2015-3006?
CVE-2015-3006 is a vulnerability found on the QFX3500 and QFX3600 platforms that leads to weak or duplicate SSH keys or self-signed SSL/TLS certificates due to insufficient entropy.
Which platforms are affected by CVE-2015-3006?
CVE-2015-3006 affects the QFX3500 and QFX3600 platforms.
How does CVE-2015-3006 impact the affected platforms?
CVE-2015-3006 can result in the generation of weak or duplicate SSH keys or self-signed SSL/TLS certificates.
What is the severity of CVE-2015-3006?
CVE-2015-3006 has a severity rating of 6.5, considered medium.
Where can I find more information about CVE-2015-3006?
More information about CVE-2015-3006 can be found at the Juniper Networks Knowledge Base: https://kb.juniper.net/JSA10678
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/references
- agent/title
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/juniper
- canonical/juniper junos
- version/juniper junos/12.2x50-d10
- version/juniper junos/12.2x50-d20
- version/juniper junos/12.2x50-d41.1
- version/juniper junos/12.2x50-d42.1
- version/juniper junos/12.2x50-d56.1
- version/juniper junos/13.1x50-d10
- version/juniper junos/13.1x50-d25
- version/juniper junos/13.2x51-d15
- version/juniper junos/13.2x51-d20
- version/juniper junos/13.2x51-d20.2
- version/juniper junos/13.2x51-d21
- version/juniper junos/13.2x52-d10
- version/juniper junos/13.2x52-d5
- version/juniper junos/14.1x53
- canonical/juniper qfx3500
- canonical/juniper qfx3600