CVE-2015-7755
First published: Sat Dec 19 2015(Updated: )
Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 allows remote attackers to obtain administrative access by entering an unspecified password during a (1) SSH or (2) TELNET session.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NetScreen ScreenOS | =6.3.0-r17 | |
| NetScreen ScreenOS | =6.3.0-r18 | |
| NetScreen ScreenOS | =6.3.0-r19 | |
| NetScreen ScreenOS | =6.3.0-r20 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713
- http://twitter.com/cryptoron/statuses/677900647560253442
- http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/
- http://www.kb.cert.org/vuls/id/640184
- http://www.securityfocus.com/bid/79626
- http://www.securitytracker.com/id/1034489
- http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/
- https://adamcaudill.com/2015/12/17/much-ado-about-juniper/
- https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554
- https://github.com/hdm/juniper-cve-2015-7755
Frequently Asked Questions
What is the severity of CVE-2015-7755?
CVE-2015-7755 is considered a high severity vulnerability due to its potential for unauthorized remote access.
How do I fix CVE-2015-7755?
To fix CVE-2015-7755, upgrade to ScreenOS versions 6.3.0r21 or later, or apply relevant patches provided by Juniper.
What systems are affected by CVE-2015-7755?
CVE-2015-7755 affects Juniper ScreenOS versions 6.2.0r15 through 6.3.0r20, specifically the specified releases.
What type of vulnerability is CVE-2015-7755?
CVE-2015-7755 is a vulnerability that allows unauthorized remote code execution on affected Juniper devices.
Is CVE-2015-7755 being actively exploited?
Yes, CVE-2015-7755 has been reported to be actively exploited in the wild, necessitating immediate remediation.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/juniper
- canonical/netscreen screenos
- version/netscreen screenos/6.3.0-r17
- version/netscreen screenos/6.3.0-r18
- version/netscreen screenos/6.3.0-r19
- version/netscreen screenos/6.3.0-r20