cvelistv5 - cve-2015-3007

CVE-2015-3007 (GCVE-0-2015-3007)

Vulnerability from cvelistv5 – Published: 2015-07-14 17:00 – Updated: 2024-08-06 05:32

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://kb.juniper.net/InfoCenter/index?page=conte…	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1032841	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:32:21.360Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10683"
          },
          {
            "name": "1032841",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032841"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the \"set system ports console insecure\" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-07-14T16:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10683"
        },
        {
          "name": "1032841",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032841"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3007",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the \"set system ports console insecure\" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10683",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10683"
            },
            {
              "name": "1032841",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032841"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-3007",
    "datePublished": "2015-07-14T17:00:00",
    "dateReserved": "2015-04-07T00:00:00",
    "dateUpdated": "2024-08-06T05:32:21.360Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.1x46:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CFB89F64-16BB-4A14-9084-B338668D7FF1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:*\", \"matchCriteriaId\": \"A71742CF-50B1-44BB-AB7B-27E5DCC9CF70\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:*\", \"matchCriteriaId\": \"4FD4237A-C257-4D8A-ABC4-9B2160530A4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.1x46:d20:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A449C87-C5C3-48FE-9E46-64ED5DD5F193\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.1x46:d25:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4B6215F-76BF-473F-B325-0975B0EB101E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.1x46:d30:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1C4A10C-49A3-4103-9E56-F881113BC5D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.1x47:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0BB3DE56-1B04-4A53-B4A4-93286FC98463\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.1x47:d10:*:*:*:*:*:*\", \"matchCriteriaId\": \"181C0D30-4476-48EE-A4A4-3B2461F4AC20\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.1x47:d20:*:*:*:*:*:*\", \"matchCriteriaId\": \"040A6307-236E-4FAA-9A74-676F1DB0CF17\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.3x48:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7192552C-7D4A-4D95-BA79-CDF465E27D37\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.3x48:d10:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B7066A4-CD05-4E1A-89E8-71B4CB92CFF3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:junos:12.3x48:d5:*:*:*:*:*:*\", \"matchCriteriaId\": \"45380883-DDAD-4046-AE92-9E030371B84F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the \\\"set system ports console insecure\\\" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port.\"}, {\"lang\": \"es\", \"value\": \"La serie SRX de Juniper de servicios de puerta de enlace con sistema operativo Junos 12.1X46-D35, 12.1X47 anteriores a 12.1X47-D25 y 12.3X48 anteriores a 12.3X48-D15, no implementa adecuadamente la caracter\\u00edstica \u0027set system ports console insecure\u0027 (conjunto de puertos del sistema de ajuste de la consola insegura), lo que permite a atacantes pr\\u00f3ximos f\\u00edsicamente obtener privilegios administrativos mediante el aprovechamiento de acceso al puerto de la consola.\"}]",
      "id": "CVE-2015-3007",
      "lastModified": "2024-11-21T02:28:29.900",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-07-14T17:59:03.400",
      "references": "[{\"url\": \"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10683\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1032841\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10683\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1032841\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-3007\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-07-14T17:59:03.400\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the \\\"set system ports console insecure\\\" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port.\"},{\"lang\":\"es\",\"value\":\"La serie SRX de Juniper de servicios de puerta de enlace con sistema operativo Junos 12.1X46-D35, 12.1X47 anteriores a 12.1X47-D25 y 12.3X48 anteriores a 12.3X48-D15, no implementa adecuadamente la caracter\u00edstica \u0027set system ports console insecure\u0027 (conjunto de puertos del sistema de ajuste de la consola insegura), lo que permite a atacantes pr\u00f3ximos f\u00edsicamente obtener privilegios administrativos mediante el aprovechamiento de acceso al puerto de la consola.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x46:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFB89F64-16BB-4A14-9084-B338668D7FF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:*\",\"matchCriteriaId\":\"A71742CF-50B1-44BB-AB7B-27E5DCC9CF70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FD4237A-C257-4D8A-ABC4-9B2160530A4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x46:d20:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A449C87-C5C3-48FE-9E46-64ED5DD5F193\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x46:d25:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4B6215F-76BF-473F-B325-0975B0EB101E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x46:d30:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1C4A10C-49A3-4103-9E56-F881113BC5D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x47:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BB3DE56-1B04-4A53-B4A4-93286FC98463\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x47:d10:*:*:*:*:*:*\",\"matchCriteriaId\":\"181C0D30-4476-48EE-A4A4-3B2461F4AC20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.1x47:d20:*:*:*:*:*:*\",\"matchCriteriaId\":\"040A6307-236E-4FAA-9A74-676F1DB0CF17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.3x48:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7192552C-7D4A-4D95-BA79-CDF465E27D37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.3x48:d10:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B7066A4-CD05-4E1A-89E8-71B4CB92CFF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:junos:12.3x48:d5:*:*:*:*:*:*\",\"matchCriteriaId\":\"45380883-DDAD-4046-AE92-9E030371B84F\"}]}]}],\"references\":[{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10683\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1032841\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10683\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1032841\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-XVJX-89JH-J37P

Vulnerability from github – Published: 2022-05-17 04:11 – Updated: 2022-05-17 04:11

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-3007"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-07-14T17:59:00Z",
    "severity": "HIGH"
  },
  "details": "The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the \"set system ports console insecure\" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port.",
  "id": "GHSA-xvjx-89jh-j37p",
  "modified": "2022-05-17T04:11:33Z",
  "published": "2022-05-17T04:11:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3007"
    },
    {
      "type": "WEB",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10683"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032841"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2015-AVI-286

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une élévation de privilèges.

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
ESET	Security	SRX Network Security Daemon
N/A	N/A	Junos OS avec J-Web activé
Juniper Networks	Junos OS	Junos OS 12.1X46-D15 et versions ultérieures
N/A	N/A	CTPView version 7.1R1

References

Title

Publication Time

Tags

Référence CVE CVE-2015-3456	-	other
Référence CVE CVE-2015-3007	-	other
Référence CVE CVE-2014-6447	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Référence CVE CVE-2015-5359	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Bulletin de sécurité Juniper du 09 juillet 2015 http://	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Référence CVE CVE-2015-5360	-	other
Référence CVE CVE-2015-5363	-	other
Référence CVE CVE-2015-5358	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Référence CVE CVE-2015-5362	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Référence CVE CVE-2014-0226	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Référence CVE CVE-2015-5357	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SRX Network Security Daemon",
      "product": {
        "name": "Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS avec J-Web activ\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS 12.1X46-D15 et versions ult\u00e9rieures",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "CTPView version 7.1R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-3007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3007"
    },
    {
      "name": "CVE-2015-5362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5362"
    },
    {
      "name": "CVE-2014-0226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0226"
    },
    {
      "name": "CVE-2015-3456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3456"
    },
    {
      "name": "CVE-2015-5358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5358"
    },
    {
      "name": "CVE-2014-6447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6447"
    },
    {
      "name": "CVE-2015-5363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5363"
    },
    {
      "name": "CVE-2015-5357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5357"
    },
    {
      "name": "CVE-2015-5359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5359"
    },
    {
      "name": "CVE-2015-5360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5360"
    }
  ],
  "links": [
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-3456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3456"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-3007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3007"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2014-6447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6447"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10684\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10692\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-5359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5359"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10682\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10693\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015      http://",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10682\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10688\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-5360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5360"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-5363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5363"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-5358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5358"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10690\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-5362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5362"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2014-0226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0226"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10687\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-5357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5357"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10686\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10685\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ],
  "reference": "CERTFR-2015-AVI-286",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-07-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Juniper\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": []
}

CERTFR-2015-AVI-286

Vulnerability from certfr_avis - Published: - Updated:

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
ESET	Security	SRX Network Security Daemon
N/A	N/A	Junos OS avec J-Web activé
Juniper Networks	Junos OS	Junos OS 12.1X46-D15 et versions ultérieures
N/A	N/A	CTPView version 7.1R1

References

Title

Publication Time

Tags

Référence CVE CVE-2015-3456	-	other
Référence CVE CVE-2015-3007	-	other
Référence CVE CVE-2014-6447	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Référence CVE CVE-2015-5359	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Bulletin de sécurité Juniper du 09 juillet 2015 http://	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Référence CVE CVE-2015-5360	-	other
Référence CVE CVE-2015-5363	-	other
Référence CVE CVE-2015-5358	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Référence CVE CVE-2015-5362	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Référence CVE CVE-2014-0226	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Référence CVE CVE-2015-5357	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SRX Network Security Daemon",
      "product": {
        "name": "Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS avec J-Web activ\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS 12.1X46-D15 et versions ult\u00e9rieures",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "CTPView version 7.1R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-3007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3007"
    },
    {
      "name": "CVE-2015-5362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5362"
    },
    {
      "name": "CVE-2014-0226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0226"
    },
    {
      "name": "CVE-2015-3456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3456"
    },
    {
      "name": "CVE-2015-5358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5358"
    },
    {
      "name": "CVE-2014-6447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6447"
    },
    {
      "name": "CVE-2015-5363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5363"
    },
    {
      "name": "CVE-2015-5357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5357"
    },
    {
      "name": "CVE-2015-5359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5359"
    },
    {
      "name": "CVE-2015-5360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5360"
    }
  ],
  "links": [
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-3456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3456"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-3007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3007"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2014-6447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6447"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10684\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10692\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-5359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5359"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10682\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10693\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015      http://",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10682\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10688\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-5360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5360"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-5363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5363"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-5358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5358"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10690\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-5362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5362"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2014-0226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0226"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10687\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-5357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5357"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10686\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10685\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ],
  "reference": "CERTFR-2015-AVI-286",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-07-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Juniper\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": []
}

FKIE_CVE-2015-3007

Vulnerability from fkie_nvd - Published: 2015-07-14 17:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10683	Vendor Advisory
cve@mitre.org	http://www.securitytracker.com/id/1032841
af854a3a-2127-422b-91ae-364da2661108	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10683	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032841

Impacted products

Vendor	Product	Version
juniper	junos	12.1x46
juniper	junos	12.1x46
juniper	junos	12.1x46
juniper	junos	12.1x46
juniper	junos	12.1x46
juniper	junos	12.1x46
juniper	junos	12.1x47
juniper	junos	12.1x47
juniper	junos	12.1x47
juniper	junos	12.3x48
juniper	junos	12.3x48
juniper	junos	12.3x48

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFB89F64-16BB-4A14-9084-B338668D7FF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:*",
              "matchCriteriaId": "A71742CF-50B1-44BB-AB7B-27E5DCC9CF70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:*",
              "matchCriteriaId": "4FD4237A-C257-4D8A-ABC4-9B2160530A4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d20:*:*:*:*:*:*",
              "matchCriteriaId": "5A449C87-C5C3-48FE-9E46-64ED5DD5F193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d25:*:*:*:*:*:*",
              "matchCriteriaId": "F4B6215F-76BF-473F-B325-0975B0EB101E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d30:*:*:*:*:*:*",
              "matchCriteriaId": "A1C4A10C-49A3-4103-9E56-F881113BC5D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x47:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BB3DE56-1B04-4A53-B4A4-93286FC98463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x47:d10:*:*:*:*:*:*",
              "matchCriteriaId": "181C0D30-4476-48EE-A4A4-3B2461F4AC20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x47:d20:*:*:*:*:*:*",
              "matchCriteriaId": "040A6307-236E-4FAA-9A74-676F1DB0CF17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:*:*:*:*:*:*:*",
              "matchCriteriaId": "7192552C-7D4A-4D95-BA79-CDF465E27D37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d10:*:*:*:*:*:*",
              "matchCriteriaId": "4B7066A4-CD05-4E1A-89E8-71B4CB92CFF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d5:*:*:*:*:*:*",
              "matchCriteriaId": "45380883-DDAD-4046-AE92-9E030371B84F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the \"set system ports console insecure\" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port."
    },
    {
      "lang": "es",
      "value": "La serie SRX de Juniper de servicios de puerta de enlace con sistema operativo Junos 12.1X46-D35, 12.1X47 anteriores a 12.1X47-D25 y 12.3X48 anteriores a 12.3X48-D15, no implementa adecuadamente la caracter\u00edstica \u0027set system ports console insecure\u0027 (conjunto de puertos del sistema de ajuste de la consola insegura), lo que permite a atacantes pr\u00f3ximos f\u00edsicamente obtener privilegios administrativos mediante el aprovechamiento de acceso al puerto de la consola."
    }
  ],
  "id": "CVE-2015-3007",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-07-14T17:59:03.400",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10683"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1032841"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10683"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032841"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201507-0639

Vulnerability from variot - Updated: 2023-12-18 13:53

The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the "set system ports console insecure" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. The Juniper SRX Series is Juniper Networks' SRX series of devices running the Junos operating system. Juniper Junos is prone to a local security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. The following releases are affected: Junos OS 12.1X46 prior to 12.1X46-D35, 12.1X47 prior to 12.1X47-D25, and 12.3X48 prior to 12.3X48-D15

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201507-0639",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "12.1x47"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "12.3x48"
      },
      {
        "model": "junos os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "12.1x47-d25"
      },
      {
        "model": "junos os",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "junos os",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "12.3x48"
      },
      {
        "model": "junos os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "12.3x48-d15"
      },
      {
        "model": "junos os",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "12.1x47"
      },
      {
        "model": "junos os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "12.1x46-d35"
      },
      {
        "model": "networks junos os 12.1x46",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks junos os 12.1x47",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks junos os 12.3x48",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.3x48-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x47-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x47-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x47-d11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x47-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x46-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x46-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x46-d20.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x46-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x46-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.3x48-d15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x47-d25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x46-d35",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04710"
      },
      {
        "db": "BID",
        "id": "75718"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003639"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3007"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-363"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:d20:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:d25:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:d30:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x47:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.3x48:d10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x47:d10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.3x48:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x47:d20:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.3x48:d5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3007"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "75718"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-3007",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2015-3007",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2015-04710",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-80968",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-3007",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-04710",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201507-363",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-80968",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04710"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80968"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003639"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3007"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-363"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the \"set system ports console insecure\" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. The Juniper SRX Series is Juniper Networks\u0027 SRX series of devices running the Junos operating system. Juniper Junos is prone to a local security-bypass vulnerability. \nAttackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. The following releases are affected: Junos OS 12.1X46 prior to 12.1X46-D35, 12.1X47 prior to 12.1X47-D25, and 12.3X48 prior to 12.3X48-D15",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3007"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003639"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-04710"
      },
      {
        "db": "BID",
        "id": "75718"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80968"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3007",
        "trust": 3.4
      },
      {
        "db": "JUNIPER",
        "id": "JSA10683",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1032841",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "75718",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003639",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-363",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-04710",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-80968",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04710"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80968"
      },
      {
        "db": "BID",
        "id": "75718"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003639"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3007"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-363"
      }
    ]
  },
  "id": "VAR-201507-0639",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04710"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80968"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04710"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:53:14.528000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "JSA10683",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10683"
      },
      {
        "title": "Juniper SRX Series services gateways permission to obtain vulnerability patches",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/61156"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04710"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003639"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-284",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80968"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003639"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3007"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10683"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1032841"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3007"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3007"
      },
      {
        "trust": 0.3,
        "url": "http://www.juniper.net/"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10683\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10683"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04710"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80968"
      },
      {
        "db": "BID",
        "id": "75718"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003639"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3007"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-363"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04710"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80968"
      },
      {
        "db": "BID",
        "id": "75718"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003639"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3007"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-363"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-07-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-04710"
      },
      {
        "date": "2015-07-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80968"
      },
      {
        "date": "2015-07-13T00:00:00",
        "db": "BID",
        "id": "75718"
      },
      {
        "date": "2015-07-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003639"
      },
      {
        "date": "2015-07-14T17:59:03.400000",
        "db": "NVD",
        "id": "CVE-2015-3007"
      },
      {
        "date": "2015-07-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201507-363"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-07-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-04710"
      },
      {
        "date": "2015-07-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80968"
      },
      {
        "date": "2015-07-13T00:00:00",
        "db": "BID",
        "id": "75718"
      },
      {
        "date": "2015-07-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003639"
      },
      {
        "date": "2015-07-15T18:31:28.153000",
        "db": "NVD",
        "id": "CVE-2015-3007"
      },
      {
        "date": "2015-07-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201507-363"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "75718"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-363"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Juniper SRX Series service gateway  Junos OS Vulnerabilities in which administrator privileges are obtained",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003639"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-363"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2015-04710

Vulnerability from cnvd - Published: 2015-07-22

Title

Juniper SRX Series services gateways权限获取漏洞

Description

Juniper SRX Series是美国瞻博网络（Juniper Networks）公司的运行有Junos操作系统的SRX系列设备。 Juniper SRX Series services gateways with Junos OS 12.1X46-D35之前的12.1X46版本， 12.1X47-D25之前的12.1X47版本,12.3X48-D15之前的12.3X48版本存在组件漏洞,允许攻击者通过利用访问控制台端口获得管理权限。

Severity

高

Patch Name

Juniper SRX Series services gateways权限获取漏洞的补丁

Patch Description

Juniper SRX Series是美国瞻博网络（Juniper Networks）公司的运行有Junos操作系统的SRX系列设备。Juniper SRX Series services gateways with Junos OS 12.1X46-D35之前的12.1X46版本， 12.1X47-D25之前的12.1X47版本,12.3X48-D15之前的12.3X48版本存在组件漏洞,允许攻击者通过利用访问控制台端口获得管理权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10683

Reference

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10683

Impacted products

Name
['Juniper Networks Junos OS 12.1X46(<12.1X46-D35)', 'Juniper Networks Junos OS 12.1X47(<12.1X47-D25)', 'Juniper Networks Junos OS 12.3X48(<12.3X48-D15)']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "75718"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-3007"
    }
  },
  "description": "Juniper SRX Series\u662f\u7f8e\u56fd\u77bb\u535a\u7f51\u7edc\uff08Juniper Networks\uff09\u516c\u53f8\u7684\u8fd0\u884c\u6709Junos\u64cd\u4f5c\u7cfb\u7edf\u7684SRX\u7cfb\u5217\u8bbe\u5907\u3002\r\n\r\nJuniper SRX Series services gateways with Junos OS 12.1X46-D35\u4e4b\u524d\u768412.1X46\u7248\u672c\uff0c 12.1X47-D25\u4e4b\u524d\u768412.1X47\u7248\u672c,12.3X48-D15\u4e4b\u524d\u768412.3X48\u7248\u672c\u5b58\u5728\u7ec4\u4ef6\u6f0f\u6d1e,\u5141\u8bb8\u653b\u51fb\u8005\u901a\u8fc7\u5229\u7528\u8bbf\u95ee\u63a7\u5236\u53f0\u7aef\u53e3\u83b7\u5f97\u7ba1\u7406\u6743\u9650\u3002",
  "discovererName": "Juniper Networks",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10683",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-04710",
  "openTime": "2015-07-22",
  "patchDescription": "Juniper SRX Series\u662f\u7f8e\u56fd\u77bb\u535a\u7f51\u7edc\uff08Juniper Networks\uff09\u516c\u53f8\u7684\u8fd0\u884c\u6709Junos\u64cd\u4f5c\u7cfb\u7edf\u7684SRX\u7cfb\u5217\u8bbe\u5907\u3002Juniper SRX Series services gateways with Junos OS 12.1X46-D35\u4e4b\u524d\u768412.1X46\u7248\u672c\uff0c 12.1X47-D25\u4e4b\u524d\u768412.1X47\u7248\u672c,12.3X48-D15\u4e4b\u524d\u768412.3X48\u7248\u672c\u5b58\u5728\u7ec4\u4ef6\u6f0f\u6d1e,\u5141\u8bb8\u653b\u51fb\u8005\u901a\u8fc7\u5229\u7528\u8bbf\u95ee\u63a7\u5236\u53f0\u7aef\u53e3\u83b7\u5f97\u7ba1\u7406\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Juniper SRX Series services gateways\u6743\u9650\u83b7\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Juniper Networks Junos OS 12.1X46(\u003c12.1X46-D35)",
      "Juniper Networks Junos OS 12.1X47(\u003c12.1X47-D25)",
      "Juniper Networks Junos OS 12.3X48(\u003c12.3X48-D15)"
    ]
  },
  "referenceLink": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10683",
  "serverity": "\u9ad8",
  "submitTime": "2015-07-16",
  "title": "Juniper SRX Series services gateways\u6743\u9650\u83b7\u53d6\u6f0f\u6d1e"
}

GSD-2015-3007

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-3007

Aliases

CVE-2015-3007

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-3007",
    "description": "The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the \"set system ports console insecure\" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port.",
    "id": "GSD-2015-3007"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-3007"
      ],
      "details": "The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the \"set system ports console insecure\" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port.",
      "id": "GSD-2015-3007",
      "modified": "2023-12-13T01:20:07.829686Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-3007",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the \"set system ports console insecure\" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10683",
            "refsource": "CONFIRM",
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10683"
          },
          {
            "name": "1032841",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032841"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:d20:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:d25:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:d30:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x47:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.3x48:d10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x47:d10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.3x48:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x47:d20:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:junos:12.3x48:d5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3007"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the \"set system ports console insecure\" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10683",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10683"
            },
            {
              "name": "1032841",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1032841"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2015-07-15T18:31Z",
      "publishedDate": "2015-07-14T17:59Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-3007 (GCVE-0-2015-3007)

GHSA-XVJX-89JH-J37P

CERTFR-2015-AVI-286

Contournement provisoire

CERTFR-2015-AVI-286

Contournement provisoire

FKIE_CVE-2015-3007

VAR-201507-0639

CNVD-2015-04710

GSD-2015-3007

Tags

Sightings

Nomenclature