cvelistv5 - cve-2015-3007

CVE-2015-3007 (GCVE-0-2015-3007)

Vulnerability from cvelistv5

Published

2015-07-14 17:00

Modified

2024-08-06 05:32

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

fkie_cve-2015-3007

Vulnerability from fkie_nvd

Published

2015-07-14 17:59

Modified

2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10683	Vendor Advisory
cve@mitre.org	http://www.securitytracker.com/id/1032841
af854a3a-2127-422b-91ae-364da2661108	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10683	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032841

Impacted products

Vendor	Product	Version
juniper	junos	12.1x46
juniper	junos	12.1x46
juniper	junos	12.1x46
juniper	junos	12.1x46
juniper	junos	12.1x46
juniper	junos	12.1x46
juniper	junos	12.1x47
juniper	junos	12.1x47
juniper	junos	12.1x47
juniper	junos	12.3x48
juniper	junos	12.3x48
juniper	junos	12.3x48

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFB89F64-16BB-4A14-9084-B338668D7FF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:*",
              "matchCriteriaId": "A71742CF-50B1-44BB-AB7B-27E5DCC9CF70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:*",
              "matchCriteriaId": "4FD4237A-C257-4D8A-ABC4-9B2160530A4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d20:*:*:*:*:*:*",
              "matchCriteriaId": "5A449C87-C5C3-48FE-9E46-64ED5DD5F193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d25:*:*:*:*:*:*",
              "matchCriteriaId": "F4B6215F-76BF-473F-B325-0975B0EB101E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d30:*:*:*:*:*:*",
              "matchCriteriaId": "A1C4A10C-49A3-4103-9E56-F881113BC5D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x47:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BB3DE56-1B04-4A53-B4A4-93286FC98463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x47:d10:*:*:*:*:*:*",
              "matchCriteriaId": "181C0D30-4476-48EE-A4A4-3B2461F4AC20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x47:d20:*:*:*:*:*:*",
              "matchCriteriaId": "040A6307-236E-4FAA-9A74-676F1DB0CF17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:*:*:*:*:*:*:*",
              "matchCriteriaId": "7192552C-7D4A-4D95-BA79-CDF465E27D37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d10:*:*:*:*:*:*",
              "matchCriteriaId": "4B7066A4-CD05-4E1A-89E8-71B4CB92CFF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d5:*:*:*:*:*:*",
              "matchCriteriaId": "45380883-DDAD-4046-AE92-9E030371B84F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the \"set system ports console insecure\" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port."
    },
    {
      "lang": "es",
      "value": "La serie SRX de Juniper de servicios de puerta de enlace con sistema operativo Junos 12.1X46-D35, 12.1X47 anteriores a 12.1X47-D25 y 12.3X48 anteriores a 12.3X48-D15, no implementa adecuadamente la caracter\u00edstica \u0027set system ports console insecure\u0027 (conjunto de puertos del sistema de ajuste de la consola insegura), lo que permite a atacantes pr\u00f3ximos f\u00edsicamente obtener privilegios administrativos mediante el aprovechamiento de acceso al puerto de la consola."
    }
  ],
  "id": "CVE-2015-3007",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-07-14T17:59:03.400",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10683"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1032841"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10683"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032841"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2015-3007

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2015-3007

Aliases

CVE-2015-3007

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-3007",
    "description": "The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the \"set system ports console insecure\" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port.",
    "id": "GSD-2015-3007"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-3007"
      ],
      "details": "The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the \"set system ports console insecure\" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port.",
      "id": "GSD-2015-3007",
      "modified": "2023-12-13T01:20:07.829686Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-3007",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the \"set system ports console insecure\" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10683",
            "refsource": "CONFIRM",
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10683"
          },
          {
            "name": "1032841",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032841"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:d20:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:d25:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:d30:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x47:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.3x48:d10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x47:d10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.3x48:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x47:d20:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.3x48:d5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3007"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the \"set system ports console insecure\" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10683",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10683"
            },
            {
              "name": "1032841",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1032841"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2015-07-15T18:31Z",
      "publishedDate": "2015-07-14T17:59Z"
    }
  }
}

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une élévation de privilèges.

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
ESET	Security	SRX Network Security Daemon
N/A	N/A	Junos OS avec J-Web activé
Juniper Networks	Junos OS	Junos OS 12.1X46-D15 et versions ultérieures
N/A	N/A	CTPView version 7.1R1

References

Title

Publication Time

ghsa-xvjx-89jh-j37p

Vulnerability from github

Published

2022-05-17 04:11

Modified

2022-05-17 04:11

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-3007"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-07-14T17:59:00Z",
    "severity": "HIGH"
  },
  "details": "The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the \"set system ports console insecure\" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port.",
  "id": "GHSA-xvjx-89jh-j37p",
  "modified": "2022-05-17T04:11:33Z",
  "published": "2022-05-17T04:11:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3007"
    },
    {
      "type": "WEB",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10683"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032841"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

var-201507-0639

Vulnerability from variot

The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the "set system ports console insecure" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. The Juniper SRX Series is Juniper Networks' SRX series of devices running the Junos operating system. Juniper Junos is prone to a local security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. The following releases are affected: Junos OS 12.1X46 prior to 12.1X46-D35, 12.1X47 prior to 12.1X47-D25, and 12.3X48 prior to 12.3X48-D15

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201507-0639",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "12.3x48"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "12.1x47"
      },
      {
        "model": "junos os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "12.1x47-d25"
      },
      {
        "model": "junos os",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "junos os",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "12.3x48"
      },
      {
        "model": "junos os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "12.3x48-d15"
      },
      {
        "model": "junos os",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "12.1x47"
      },
      {
        "model": "junos os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "12.1x46-d35"
      },
      {
        "model": "networks junos os 12.1x46",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks junos os 12.1x47",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks junos os 12.3x48",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.3x48-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x47-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x47-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x47-d11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x47-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x46-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x46-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x46-d20.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x46-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x46-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.3x48-d15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x47-d25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x46-d35",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04710"
      },
      {
        "db": "BID",
        "id": "75718"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003639"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-363"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3007"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:juniper:junos",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003639"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "75718"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-3007",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2015-3007",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2015-04710",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-80968",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-3007",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-3007",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-04710",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201507-363",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-80968",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04710"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80968"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003639"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-363"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3007"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the \"set system ports console insecure\" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. The Juniper SRX Series is Juniper Networks\u0027 SRX series of devices running the Junos operating system. Juniper Junos is prone to a local security-bypass vulnerability. \nAttackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. The following releases are affected: Junos OS 12.1X46 prior to 12.1X46-D35, 12.1X47 prior to 12.1X47-D25, and 12.3X48 prior to 12.3X48-D15",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3007"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003639"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-04710"
      },
      {
        "db": "BID",
        "id": "75718"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80968"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3007",
        "trust": 3.4
      },
      {
        "db": "JUNIPER",
        "id": "JSA10683",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1032841",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "75718",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003639",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-363",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-04710",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-80968",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04710"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80968"
      },
      {
        "db": "BID",
        "id": "75718"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003639"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-363"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3007"
      }
    ]
  },
  "id": "VAR-201507-0639",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04710"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80968"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04710"
      }
    ]
  },
  "last_update_date": "2024-11-23T23:05:38.576000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "JSA10683",
        "trust": 0.8,
        "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10683"
      },
      {
        "title": "Juniper SRX Series services gateways permission to obtain vulnerability patches",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/61156"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04710"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003639"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-284",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80968"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003639"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3007"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10683"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1032841"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3007"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3007"
      },
      {
        "trust": 0.3,
        "url": "http://www.juniper.net/"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10683\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10683"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04710"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80968"
      },
      {
        "db": "BID",
        "id": "75718"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003639"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-363"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3007"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04710"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80968"
      },
      {
        "db": "BID",
        "id": "75718"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003639"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-363"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3007"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-07-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-04710"
      },
      {
        "date": "2015-07-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80968"
      },
      {
        "date": "2015-07-13T00:00:00",
        "db": "BID",
        "id": "75718"
      },
      {
        "date": "2015-07-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003639"
      },
      {
        "date": "2015-07-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201507-363"
      },
      {
        "date": "2015-07-14T17:59:03.400000",
        "db": "NVD",
        "id": "CVE-2015-3007"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-07-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-04710"
      },
      {
        "date": "2015-07-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80968"
      },
      {
        "date": "2015-07-13T00:00:00",
        "db": "BID",
        "id": "75718"
      },
      {
        "date": "2015-07-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003639"
      },
      {
        "date": "2015-07-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201507-363"
      },
      {
        "date": "2024-11-21T02:28:29.900000",
        "db": "NVD",
        "id": "CVE-2015-3007"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "75718"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-363"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Juniper SRX Series service gateway  Junos OS Vulnerabilities in which administrator privileges are obtained",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003639"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-363"
      }
    ],
    "trust": 0.6
  }
}

cnvd-2015-04710

Vulnerability from cnvd

Title

Juniper SRX Series services gateways权限获取漏洞

Description

Juniper SRX Series是美国瞻博网络（Juniper Networks）公司的运行有Junos操作系统的SRX系列设备。 Juniper SRX Series services gateways with Junos OS 12.1X46-D35之前的12.1X46版本， 12.1X47-D25之前的12.1X47版本,12.3X48-D15之前的12.3X48版本存在组件漏洞,允许攻击者通过利用访问控制台端口获得管理权限。

Severity

高

Patch Name

Juniper SRX Series services gateways权限获取漏洞的补丁

Patch Description

Juniper SRX Series是美国瞻博网络（Juniper Networks）公司的运行有Junos操作系统的SRX系列设备。Juniper SRX Series services gateways with Junos OS 12.1X46-D35之前的12.1X46版本， 12.1X47-D25之前的12.1X47版本,12.3X48-D15之前的12.3X48版本存在组件漏洞,允许攻击者通过利用访问控制台端口获得管理权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10683

Reference

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10683

Impacted products

Name
['Juniper Networks Junos OS 12.1X46(<12.1X46-D35)', 'Juniper Networks Junos OS 12.1X47(<12.1X47-D25)', 'Juniper Networks Junos OS 12.3X48(<12.3X48-D15)']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "75718"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-3007"
    }
  },
  "description": "Juniper SRX Series\u662f\u7f8e\u56fd\u77bb\u535a\u7f51\u7edc\uff08Juniper Networks\uff09\u516c\u53f8\u7684\u8fd0\u884c\u6709Junos\u64cd\u4f5c\u7cfb\u7edf\u7684SRX\u7cfb\u5217\u8bbe\u5907\u3002\r\n\r\nJuniper SRX Series services gateways with Junos OS 12.1X46-D35\u4e4b\u524d\u768412.1X46\u7248\u672c\uff0c 12.1X47-D25\u4e4b\u524d\u768412.1X47\u7248\u672c,12.3X48-D15\u4e4b\u524d\u768412.3X48\u7248\u672c\u5b58\u5728\u7ec4\u4ef6\u6f0f\u6d1e,\u5141\u8bb8\u653b\u51fb\u8005\u901a\u8fc7\u5229\u7528\u8bbf\u95ee\u63a7\u5236\u53f0\u7aef\u53e3\u83b7\u5f97\u7ba1\u7406\u6743\u9650\u3002",
  "discovererName": "Juniper Networks",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10683",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-04710",
  "openTime": "2015-07-22",
  "patchDescription": "Juniper SRX Series\u662f\u7f8e\u56fd\u77bb\u535a\u7f51\u7edc\uff08Juniper Networks\uff09\u516c\u53f8\u7684\u8fd0\u884c\u6709Junos\u64cd\u4f5c\u7cfb\u7edf\u7684SRX\u7cfb\u5217\u8bbe\u5907\u3002Juniper SRX Series services gateways with Junos OS 12.1X46-D35\u4e4b\u524d\u768412.1X46\u7248\u672c\uff0c 12.1X47-D25\u4e4b\u524d\u768412.1X47\u7248\u672c,12.3X48-D15\u4e4b\u524d\u768412.3X48\u7248\u672c\u5b58\u5728\u7ec4\u4ef6\u6f0f\u6d1e,\u5141\u8bb8\u653b\u51fb\u8005\u901a\u8fc7\u5229\u7528\u8bbf\u95ee\u63a7\u5236\u53f0\u7aef\u53e3\u83b7\u5f97\u7ba1\u7406\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Juniper SRX Series services gateways\u6743\u9650\u83b7\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Juniper Networks Junos OS 12.1X46(\u003c12.1X46-D35)",
      "Juniper Networks Junos OS 12.1X47(\u003c12.1X47-D25)",
      "Juniper Networks Junos OS 12.3X48(\u003c12.3X48-D15)"
    ]
  },
  "referenceLink": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10683",
  "serverity": "\u9ad8",
  "submitTime": "2015-07-16",
  "title": "Juniper SRX Series services gateways\u6743\u9650\u83b7\u53d6\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2015-3007 (GCVE-0-2015-3007)

Vulnerability from cvelistv5

fkie_cve-2015-3007

Vulnerability from fkie_nvd

gsd-2015-3007

Vulnerability from gsd

CERTFR-2015-AVI-286

Vulnerability from certfr_avis

Contournement provisoire

ghsa-xvjx-89jh-j37p

Vulnerability from github

var-201507-0639

Vulnerability from variot

cnvd-2015-04710

Vulnerability from cnvd

Tags

Sightings

Nomenclature