← Back to CVEs
CVE-2015-7755
CRITICALCISA KEV9.8
Description
Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 allows remote attackers to obtain administrative access by entering an unspecified password during a (1) SSH or (2) TELNET session.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published12/19/2015
Last Modified10/22/2025
Sourcekev
Honeypot Sightings0
CISA KEV
VendorJuniper
ProductScreenOS
Vulnerability NameJuniper ScreenOS Improper Authentication Vulnerability
KEV Date Added2025-10-02
Remediation Due Date2025-10-23
Ransomware UseUnknown
Affected Products
juniper:screenos
Weaknesses (CWE)
CWE-287CWE-287
References
http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/(cve@mitre.org)
http://twitter.com/cryptoron/statuses/677900647560253442(cve@mitre.org)
http://www.kb.cert.org/vuls/id/640184(cve@mitre.org)
http://www.securityfocus.com/bid/79626(cve@mitre.org)
http://www.securitytracker.com/id/1034489(cve@mitre.org)
http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/(cve@mitre.org)
https://adamcaudill.com/2015/12/17/much-ado-about-juniper/(cve@mitre.org)
https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554(cve@mitre.org)
https://github.com/hdm/juniper-cve-2015-7755(cve@mitre.org)
http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/(af854a3a-2127-422b-91ae-364da2661108)
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713(af854a3a-2127-422b-91ae-364da2661108)
http://twitter.com/cryptoron/statuses/677900647560253442(af854a3a-2127-422b-91ae-364da2661108)
http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/(af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/640184(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/79626(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1034489(af854a3a-2127-422b-91ae-364da2661108)
http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/(af854a3a-2127-422b-91ae-364da2661108)
https://adamcaudill.com/2015/12/17/much-ado-about-juniper/(af854a3a-2127-422b-91ae-364da2661108)
https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/hdm/juniper-cve-2015-7755(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-7755(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.