certfr_alerte - certfr-2015-ale-014

CERTFR-2015-ALE-014

Vulnerability from certfr_alerte

Une vulnérabilité a été découverte dans Juniper ScreenOS. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Solution

Une mise à jour de sécurité a été publiée hier sur le site officiel de Juniper.

Cette mise à jour corrige plusieurs failles de sécurité critiques au niveau du système ScreenOS, identifiées à la suite d'un audit de code interne réalisé par Juniper.

La première vulnérabilité corrigée permettait à un attaquant de se connecter, via les protocoles SSH ou telnet, à tout équipement réseau Juniper utilisant une version vulnérable du système d'exploitation ScreenOS (versions antérieures à 6.2.0r18 ou 6.3.0r20).

De plus, le mot de passe de la porte dérobée a été identifié et a été rendu public sur Internet.

Cette compromission peut être détectée par la présence dans les journaux de notifications de connexions "anormales" pendant lesquelles le passage en mode administrateur (system) s'effectue depuis un compte utilisateur "standard" (username2) :

    2015-12-17 09:00:00 system warn 00515 Admin user system has logged on 
        via SSH from [...]
    2015-12-17 09:00:00 system warn 00528 SSH: Password authentication 
        successful for admin user 'username2' at host [...]

Cependant la société Juniper souligne le fait qu'unattaquant, ayant le niveau requis pour exploiter cettevulnérabilité, aura vraisemblablement effacé toute trace de sesconnexions dans les journaux.

La société Fox-It propose des signatures au format Snort afin d'identifer toute tentative de connexion à un équipement Juniper vulnérable via la porte dérobée.

La seconde vulnérabilité permettait à un attaquant, en capacité d'écouter le trafic VPN émis depuis un équipement concerné, de déchiffrer ce trafic.

Le CERT-FR recommande donc aux utilisateur de Juniper ScreenOS de procéder à une mise à jour immédiate du système d'exploitation. De plus, le CERT-FR insiste sur l'importance d'isoler l'accès aux interfaces d'administration des équipements réseaux afin de n'autoriser que les connexions depuis des systèmes de confiance.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation)

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Juniper ScreenOS versions 6.3.0r12 à 6.3.0r20
	N/A	N/A	Juniper ScreenOS versions 6.2.0r15 à 6.2.0r18

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper SA10713 du 17 décembre 2015	None	vendor-advisory
ScreenOS 6.3.0r22	-	other
Annonce Juniper	-	other
Règles Snort de détection d'exploitation	-	other
CERTFR-2016-AVI-117	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper ScreenOS versions 6.3.0r12 \u00e0 6.3.0r20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper ScreenOS versions 6.2.0r15 \u00e0 6.2.0r18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2016-04-11",
  "content": "## Solution\n\nUne mise \u00e0 jour de s\u00e9curit\u00e9 a \u00e9t\u00e9 publi\u00e9e hier sur le site officiel de\nJuniper.\n\nCette mise \u00e0 jour corrige plusieurs failles de s\u00e9curit\u00e9 critiques au\nniveau du syst\u00e8me ScreenOS, identifi\u00e9es \u00e0 la suite d\u0027un audit de code\ninterne r\u00e9alis\u00e9 par Juniper.\n\nLa premi\u00e8re vuln\u00e9rabilit\u00e9 corrig\u00e9e permettait \u00e0 un attaquant de se\nconnecter, via les protocoles SSH ou telnet, \u00e0 tout \u00e9quipement r\u00e9seau\nJuniper utilisant une version vuln\u00e9rable du syst\u00e8me d\u0027exploitation\nScreenOS (versions ant\u00e9rieures \u00e0 6.2.0r18 ou 6.3.0r20).\n\nDe plus, le mot de passe de la porte d\u00e9rob\u00e9e a \u00e9t\u00e9 identifi\u00e9 et a \u00e9t\u00e9\nrendu public sur Internet.\n\nCette compromission peut \u00eatre d\u00e9tect\u00e9e par la pr\u00e9sence dans les journaux\nde notifications de connexions \"anormales\" pendant lesquelles le passage\nen mode administrateur (system) s\u0027effectue depuis un compte utilisateur\n\"standard\" (username2) :\n\n        2015-12-17 09:00:00 system warn 00515 Admin user system has logged on \n            via SSH from [...]\n        2015-12-17 09:00:00 system warn 00528 SSH: Password authentication \n            successful for admin user \u0027username2\u0027 at host [...]\n\nCependant la soci\u00e9t\u00e9 Juniper souligne le fait qu\u0027unattaquant, ayant le\nniveau requis pour exploiter cettevuln\u00e9rabilit\u00e9, aura vraisemblablement\neffac\u00e9 toute trace de sesconnexions dans les journaux.\n\nLa soci\u00e9t\u00e9 Fox-It propose des signatures au format Snort afin\nd\u0027identifer toute tentative de connexion \u00e0 un \u00e9quipement Juniper\nvuln\u00e9rable via la porte d\u00e9rob\u00e9e.\n\nLa seconde vuln\u00e9rabilit\u00e9 permettait \u00e0 un attaquant, en capacit\u00e9\nd\u0027\u00e9couter le trafic VPN \u00e9mis depuis un \u00e9quipement concern\u00e9, de\nd\u00e9chiffrer ce trafic.\n\nLe CERT-FR recommande donc aux utilisateur de Juniper ScreenOS de\nproc\u00e9der \u00e0 une mise \u00e0 jour imm\u00e9diate du syst\u00e8me d\u0027exploitation. De plus,\nle CERT-FR insiste sur l\u0027importance d\u0027isoler l\u0027acc\u00e8s aux interfaces\nd\u0027administration des \u00e9quipements r\u00e9seaux afin de n\u0027autoriser que les\nconnexions depuis des syst\u00e8mes de confiance.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation)\n",
  "cves": [
    {
      "name": "CVE-2015-7755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7755"
    },
    {
      "name": "CVE-2015-7756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7756"
    }
  ],
  "initial_release_date": "2015-12-18T00:00:00",
  "last_revision_date": "2016-04-11T00:00:00",
  "links": [
    {
      "title": "ScreenOS 6.3.0r22",
      "url": "http://www.juniper.net/support/downloads/screenos.html"
    },
    {
      "title": "Annonce Juniper",
      "url": "http://forums.juniper.net/t5/Security-Incident-Response/Juniper-Networks-Completes-ScreenOS-Update/ba-p/290368"
    },
    {
      "title": "R\u00e8gles Snort de d\u00e9tection d\u0027exploitation",
      "url": "https://gist.github.com/fox-srt/ca94b350f2a91bd8ed3f"
    },
    {
      "title": "CERTFR-2016-AVI-117",
      "url": "http://www.cert.ssi.gouv.fr/site/CERTFR-2016-AVI-117/"
    }
  ],
  "reference": "CERTFR-2015-ALE-014",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-12-18T00:00:00.000000"
    },
    {
      "description": "ajout de r\u00e8gles Snort dans les contournements provisoires.",
      "revision_date": "2015-12-21T00:00:00.000000"
    },
    {
      "description": "cl\u00f4ture de l\u0027alerte",
      "revision_date": "2016-04-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eJuniper\nScreenOS\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Juniper ScreenOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper SA10713 du 17 d\u00e9cembre 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CVE-2015-7756 (GCVE-0-2015-7756)

Vulnerability from cvelistv5

Published

2015-12-19 11:00

Modified

2024-08-06 07:58

Severity ?

CWE

Summary

The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 makes it easier for remote attackers to discover the plaintext content of VPN sessions by sniffing the network for ciphertext data and conducting an unspecified decryption attack.

References

URL

Tags

	http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/	x_refsource_MISC
	http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/	x_refsource_MISC
	http://www.securitytracker.com/id/1034489	vdb-entry, x_refsource_SECTRACK
	http://www.kb.cert.org/vuls/id/640184	third-party-advisory, x_refsource_CERT-VN
	https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554	x_refsource_CONFIRM
	https://github.com/hdm/juniper-cve-2015-7755	x_refsource_MISC
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713	x_refsource_CONFIRM
	https://adamcaudill.com/2015/12/17/much-ado-about-juniper/	x_refsource_MISC
	http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:58:59.847Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/"
          },
          {
            "name": "1034489",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034489"
          },
          {
            "name": "VU#640184",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/640184"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/hdm/juniper-cve-2015-7755"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 makes it easier for remote attackers to discover the plaintext content of VPN sessions by sniffing the network for ciphertext data and conducting an unspecified decryption attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/"
        },
        {
          "name": "1034489",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034489"
        },
        {
          "name": "VU#640184",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/640184"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/hdm/juniper-cve-2015-7755"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-7756",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 makes it easier for remote attackers to discover the plaintext content of VPN sessions by sniffing the network for ciphertext data and conducting an unspecified decryption attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/",
              "refsource": "MISC",
              "url": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/"
            },
            {
              "name": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/",
              "refsource": "MISC",
              "url": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/"
            },
            {
              "name": "1034489",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034489"
            },
            {
              "name": "VU#640184",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/640184"
            },
            {
              "name": "https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554",
              "refsource": "CONFIRM",
              "url": "https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554"
            },
            {
              "name": "https://github.com/hdm/juniper-cve-2015-7755",
              "refsource": "MISC",
              "url": "https://github.com/hdm/juniper-cve-2015-7755"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713"
            },
            {
              "name": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper/",
              "refsource": "MISC",
              "url": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper/"
            },
            {
              "name": "http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/",
              "refsource": "MISC",
              "url": "http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-7756",
    "datePublished": "2015-12-19T11:00:00",
    "dateReserved": "2015-10-08T00:00:00",
    "dateUpdated": "2024-08-06T07:58:59.847Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-7755 (GCVE-0-2015-7755)

Vulnerability from cvelistv5

Published

2015-12-19 11:00

Modified

2025-10-21 23:55

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Summary

Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 allows remote attackers to obtain administrative access by entering an unspecified password during a (1) SSH or (2) TELNET session.

References

URL

Tags

	http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/
	http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/
	http://www.securitytracker.com/id/1034489	vdb-entry
	http://www.kb.cert.org/vuls/id/640184	third-party-advisory
	https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554
	https://github.com/hdm/juniper-cve-2015-7755
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713
	http://twitter.com/cryptoron/statuses/677900647560253442
	https://adamcaudill.com/2015/12/17/much-ado-about-juniper/
	http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/
	http://www.securityfocus.com/bid/79626	vdb-entry

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:58:59.950Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/"
          },
          {
            "name": "1034489",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034489"
          },
          {
            "name": "VU#640184",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/640184"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/hdm/juniper-cve-2015-7755"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://twitter.com/cryptoron/statuses/677900647560253442"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/"
          },
          {
            "name": "79626",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/79626"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2015-7755",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-02T03:55:46.311110Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-10-02",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-7755"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-287",
                "description": "CWE-287 Improper Authentication",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:55:56.610Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-7755"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-10-02T00:00:00+00:00",
            "value": "CVE-2015-7755 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 allows remote attackers to obtain administrative access by entering an unspecified password during a (1) SSH or (2) TELNET session."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-06T16:48:24.593Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/"
        },
        {
          "url": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/"
        },
        {
          "name": "1034489",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1034489"
        },
        {
          "name": "VU#640184",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://www.kb.cert.org/vuls/id/640184"
        },
        {
          "url": "https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554"
        },
        {
          "url": "https://github.com/hdm/juniper-cve-2015-7755"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713"
        },
        {
          "url": "http://twitter.com/cryptoron/statuses/677900647560253442"
        },
        {
          "url": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper/"
        },
        {
          "url": "http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/"
        },
        {
          "name": "79626",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/79626"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-7755",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 allows remote attackers to obtain administrative access by entering an unspecified password during a (1) SSH or (2) TELNET session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/",
              "refsource": "MISC",
              "url": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/"
            },
            {
              "name": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/",
              "refsource": "MISC",
              "url": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/"
            },
            {
              "name": "1034489",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034489"
            },
            {
              "name": "VU#640184",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/640184"
            },
            {
              "name": "https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554",
              "refsource": "CONFIRM",
              "url": "https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554"
            },
            {
              "name": "https://github.com/hdm/juniper-cve-2015-7755",
              "refsource": "MISC",
              "url": "https://github.com/hdm/juniper-cve-2015-7755"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713"
            },
            {
              "name": "http://twitter.com/cryptoron/statuses/677900647560253442",
              "refsource": "MISC",
              "url": "http://twitter.com/cryptoron/statuses/677900647560253442"
            },
            {
              "name": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper/",
              "refsource": "MISC",
              "url": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper/"
            },
            {
              "name": "http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/",
              "refsource": "MISC",
              "url": "http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/"
            },
            {
              "name": "79626",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/79626"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-7755",
    "datePublished": "2015-12-19T11:00:00.000Z",
    "dateReserved": "2015-10-08T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:55:56.610Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CERTFR-2015-ALE-014

Vulnerability from certfr_alerte

Solution

CVE-2015-7756 (GCVE-0-2015-7756)

Vulnerability from cvelistv5

CVE-2015-7755 (GCVE-0-2015-7755)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature