← Voltar para CVEs
CVE-2015-7755
CRITICALCISA KEV9.8
Descricao
Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 allows remote attackers to obtain administrative access by entering an unspecified password during a (1) SSH or (2) TELNET session.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado12/19/2015
Ultima modificacao10/22/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorJuniper
ProdutoScreenOS
Nome da vulnerabilidadeJuniper ScreenOS Improper Authentication Vulnerability
Data inclusao KEV2025-10-02
Prazo de remediacao2025-10-23
Uso em ransomwareUnknown
Produtos afetados
juniper:screenos
Fraquezas (CWE)
CWE-287CWE-287
Referencias
http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/(cve@mitre.org)
http://twitter.com/cryptoron/statuses/677900647560253442(cve@mitre.org)
http://www.kb.cert.org/vuls/id/640184(cve@mitre.org)
http://www.securityfocus.com/bid/79626(cve@mitre.org)
http://www.securitytracker.com/id/1034489(cve@mitre.org)
http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/(cve@mitre.org)
https://adamcaudill.com/2015/12/17/much-ado-about-juniper/(cve@mitre.org)
https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554(cve@mitre.org)
https://github.com/hdm/juniper-cve-2015-7755(cve@mitre.org)
http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/(af854a3a-2127-422b-91ae-364da2661108)
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713(af854a3a-2127-422b-91ae-364da2661108)
http://twitter.com/cryptoron/statuses/677900647560253442(af854a3a-2127-422b-91ae-364da2661108)
http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/(af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/640184(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/79626(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1034489(af854a3a-2127-422b-91ae-364da2661108)
http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/(af854a3a-2127-422b-91ae-364da2661108)
https://adamcaudill.com/2015/12/17/much-ado-about-juniper/(af854a3a-2127-422b-91ae-364da2661108)
https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/hdm/juniper-cve-2015-7755(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-7755(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.