CVE-2015-7756
First published: Sat Dec 19 2015(Updated: )
The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 makes it easier for remote attackers to discover the plaintext content of VPN sessions by sniffing the network for ciphertext data and conducting an unspecified decryption attack.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper NetScreen ScreenOS | =6.2.0r15 | |
| Juniper NetScreen ScreenOS | =6.2.0r16 | |
| Juniper NetScreen ScreenOS | =6.2.0r17 | |
| Juniper NetScreen ScreenOS | =6.2.0r18 | |
| Juniper NetScreen ScreenOS | =6.3.0-r12 | |
| Juniper NetScreen ScreenOS | =6.3.0-r14 | |
| Juniper NetScreen ScreenOS | =6.3.0-r15 | |
| Juniper NetScreen ScreenOS | =6.3.0-r16 | |
| Juniper NetScreen ScreenOS | =6.3.0-r17 | |
| Juniper NetScreen ScreenOS | =6.3.0-r18 | |
| Juniper NetScreen ScreenOS | =6.3.0-r19 | |
| Juniper NetScreen ScreenOS | =6.3.0-r20 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713
- http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/
- http://www.kb.cert.org/vuls/id/640184
- http://www.securitytracker.com/id/1034489
- http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/
- https://adamcaudill.com/2015/12/17/much-ado-about-juniper/
- https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554
- https://github.com/hdm/juniper-cve-2015-7755
Frequently Asked Questions
What is the severity of CVE-2015-7756?
CVE-2015-7756 is considered critical due to its potential to allow unauthorized access to encrypted VPN traffic.
How do I fix CVE-2015-7756?
To fix CVE-2015-7756, upgrade the Juniper ScreenOS to a version that is not vulnerable, such as those released after the patches were issued.
Which versions of Juniper ScreenOS are affected by CVE-2015-7756?
CVE-2015-7756 affects Juniper ScreenOS versions 6.2.0r15 to 6.2.0r18 and 6.3.0r12 to 6.3.0r19.
What type of attacks can exploit CVE-2015-7756?
CVE-2015-7756 can be exploited to decrypt encrypted VPN traffic, facilitating unauthorized access to sensitive data.
Is there a workaround for CVE-2015-7756 if immediate patching is not possible?
There are no recommended workarounds for CVE-2015-7756, and immediate patching is strongly advised.
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/juniper
- canonical/juniper netscreen screenos
- version/juniper netscreen screenos/6.2.0r15
- version/juniper netscreen screenos/6.2.0r16
- version/juniper netscreen screenos/6.2.0r17
- version/juniper netscreen screenos/6.2.0r18
- version/juniper netscreen screenos/6.3.0-r12
- version/juniper netscreen screenos/6.3.0-r14
- version/juniper netscreen screenos/6.3.0-r15
- version/juniper netscreen screenos/6.3.0-r16
- version/juniper netscreen screenos/6.3.0-r17
- version/juniper netscreen screenos/6.3.0-r18
- version/juniper netscreen screenos/6.3.0-r19
- version/juniper netscreen screenos/6.3.0-r20