TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2015-7755

CRITICALCISA KEV
9.8

Beschreibung

Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 allows remote attackers to obtain administrative access by entering an unspecified password during a (1) SSH or (2) TELNET session.

CVE Details

CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht12/19/2015
Zuletzt geandert10/22/2025
Quellekev
Honeypot-Sichtungen0

CISA KEV

HerstellerJuniper
ProduktScreenOS
SchwachstellennameJuniper ScreenOS Improper Authentication Vulnerability
KEV Aufnahmedatum2025-10-02
Behebungsfrist2025-10-23
Ransomware-NutzungUnknown

Betroffene Produkte

juniper:screenos

Schwachen (CWE)

CWE-287CWE-287

Referenzen

http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/(cve@mitre.org)
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713(cve@mitre.org)
http://twitter.com/cryptoron/statuses/677900647560253442(cve@mitre.org)
http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/(cve@mitre.org)
http://www.kb.cert.org/vuls/id/640184(cve@mitre.org)
http://www.securityfocus.com/bid/79626(cve@mitre.org)
http://www.securitytracker.com/id/1034489(cve@mitre.org)
http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/(cve@mitre.org)
https://adamcaudill.com/2015/12/17/much-ado-about-juniper/(cve@mitre.org)
https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554(cve@mitre.org)
https://github.com/hdm/juniper-cve-2015-7755(cve@mitre.org)
http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/(af854a3a-2127-422b-91ae-364da2661108)
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713(af854a3a-2127-422b-91ae-364da2661108)
http://twitter.com/cryptoron/statuses/677900647560253442(af854a3a-2127-422b-91ae-364da2661108)
http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/(af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/640184(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/79626(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1034489(af854a3a-2127-422b-91ae-364da2661108)
http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/(af854a3a-2127-422b-91ae-364da2661108)
https://adamcaudill.com/2015/12/17/much-ado-about-juniper/(af854a3a-2127-422b-91ae-364da2661108)
https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/hdm/juniper-cve-2015-7755(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-7755(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.