← Retour aux CVEs

CVE-2015-7755

CRITICALCISA KEV

9.8

Description

Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 allows remote attackers to obtain administrative access by entering an unspecified password during a (1) SSH or (2) TELNET session.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie12/19/2015

Derniere modification10/22/2025

Sourcekev

Observations honeypot0

CISA KEV

FournisseurJuniper

ProduitScreenOS

Nom vulnerabiliteJuniper ScreenOS Improper Authentication Vulnerability

Date ajout KEV2025-10-02

Date limite remediation2025-10-23

Utilise dans ransomwareUnknown

Produits affectes

juniper:screenos

Faiblesses (CWE)

CWE-287CWE-287

References

http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/(cve@mitre.org)

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713(cve@mitre.org)

http://twitter.com/cryptoron/statuses/677900647560253442(cve@mitre.org)

http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/(cve@mitre.org)

http://www.kb.cert.org/vuls/id/640184(cve@mitre.org)

http://www.securityfocus.com/bid/79626(cve@mitre.org)

http://www.securitytracker.com/id/1034489(cve@mitre.org)

http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/(cve@mitre.org)

https://adamcaudill.com/2015/12/17/much-ado-about-juniper/(cve@mitre.org)

https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554(cve@mitre.org)

https://github.com/hdm/juniper-cve-2015-7755(cve@mitre.org)

http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/(af854a3a-2127-422b-91ae-364da2661108)

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713(af854a3a-2127-422b-91ae-364da2661108)

http://twitter.com/cryptoron/statuses/677900647560253442(af854a3a-2127-422b-91ae-364da2661108)

http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/(af854a3a-2127-422b-91ae-364da2661108)

http://www.kb.cert.org/vuls/id/640184(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/bid/79626(af854a3a-2127-422b-91ae-364da2661108)

http://www.securitytracker.com/id/1034489(af854a3a-2127-422b-91ae-364da2661108)

http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/(af854a3a-2127-422b-91ae-364da2661108)

https://adamcaudill.com/2015/12/17/much-ado-about-juniper/(af854a3a-2127-422b-91ae-364da2661108)

https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/hdm/juniper-cve-2015-7755(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-7755(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.