cvelistv5 - cve-2015-7756

CVE-2015-7756 (GCVE-0-2015-7756)

Vulnerability from cvelistv5 – Published: 2015-12-19 11:00 – Updated: 2024-08-06 07:58

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://arstechnica.com/security/2015/12/unauthori…	x_refsource_MISC
	http://www.wired.com/2015/12/juniper-networks-hid…	x_refsource_MISC
	http://www.securitytracker.com/id/1034489	vdb-entryx_refsource_SECTRACK
	http://www.kb.cert.org/vuls/id/640184	third-party-advisoryx_refsource_CERT-VN
	https://forums.juniper.net/t5/Security-Incident-R…	x_refsource_CONFIRM
	https://github.com/hdm/juniper-cve-2015-7755	x_refsource_MISC
	http://kb.juniper.net/InfoCenter/index?page=conte…	x_refsource_CONFIRM
	https://adamcaudill.com/2015/12/17/much-ado-about…	x_refsource_MISC
	http://www.forbes.com/sites/thomasbrewster/2015/1…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:58:59.847Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/"
          },
          {
            "name": "1034489",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034489"
          },
          {
            "name": "VU#640184",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/640184"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/hdm/juniper-cve-2015-7755"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 makes it easier for remote attackers to discover the plaintext content of VPN sessions by sniffing the network for ciphertext data and conducting an unspecified decryption attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/"
        },
        {
          "name": "1034489",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034489"
        },
        {
          "name": "VU#640184",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/640184"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/hdm/juniper-cve-2015-7755"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-7756",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 makes it easier for remote attackers to discover the plaintext content of VPN sessions by sniffing the network for ciphertext data and conducting an unspecified decryption attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/",
              "refsource": "MISC",
              "url": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/"
            },
            {
              "name": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/",
              "refsource": "MISC",
              "url": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/"
            },
            {
              "name": "1034489",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034489"
            },
            {
              "name": "VU#640184",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/640184"
            },
            {
              "name": "https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554",
              "refsource": "CONFIRM",
              "url": "https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554"
            },
            {
              "name": "https://github.com/hdm/juniper-cve-2015-7755",
              "refsource": "MISC",
              "url": "https://github.com/hdm/juniper-cve-2015-7755"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713"
            },
            {
              "name": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper/",
              "refsource": "MISC",
              "url": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper/"
            },
            {
              "name": "http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/",
              "refsource": "MISC",
              "url": "http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-7756",
    "datePublished": "2015-12-19T11:00:00",
    "dateReserved": "2015-10-08T00:00:00",
    "dateUpdated": "2024-08-06T07:58:59.847Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.2.0r15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B6A62F5E-5E9B-4AF3-B4D0-1863FFD7AF2C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.2.0r16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CBD7805-B9BD-4A51-B6AF-B0D4C66466A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.2.0r17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC0F87C3-666B-42D9-850B-88D55AC6FE62\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.2.0r18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71906D2F-EA04-4B77-ABD5-B1BB4832E242\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:r12:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA1E16DB-CC63-4C17-97F1-7E96C00D4F0B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:r14:*:*:*:*:*:*\", \"matchCriteriaId\": \"443A7726-36FD-4F15-A0E4-FD6CBE7E4EEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:r15:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A45A2F9-F33F-429B-A66D-B2BCBA7B8836\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:r16:*:*:*:*:*:*\", \"matchCriteriaId\": \"B6923ED1-A07D-46FD-BB81-ECA920E13840\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:r17:*:*:*:*:*:*\", \"matchCriteriaId\": \"9323A380-A99C-4B35-B379-51A57CF17678\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:r18:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B6F2143-1B00-4F3D-9454-24A80D9C88FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:r19:*:*:*:*:*:*\", \"matchCriteriaId\": \"29AF89BB-010B-4E95-8E80-69749BDF4211\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:juniper:screenos:6.3.0:r20:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D1377D2-A31B-4081-890F-8955D86E50C1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 makes it easier for remote attackers to discover the plaintext content of VPN sessions by sniffing the network for ciphertext data and conducting an unspecified decryption attack.\"}, {\"lang\": \"es\", \"value\": \"La implementaci\\u00f3n de cifrado en Juniper ScreenOS 6.2.0r15 hasta la versi\\u00f3n 6.2.0r18, 6.3.0r12 en versiones anteriores a 6.3.0r12b, 6.3.0r13 en versiones anteriores a 6.3.0r13b, 6.3.0r14 en versiones anteriores a 6.3.0r14b, 6.3.0r15 en versiones anteriores a 6.3.0r15b, 6.3.0r16 en versiones anteriores a 6.3.0r16b, 6.3.0r17 en versiones anteriores a 6.3.0r17b, 6.3.0r18 en versiones anteriores a 6.3.0r18b, 6.3.0r19 en versiones anteriores a 6.3.0r19b y 6.3.0r20 en versiones anteriores a 6.3.0r21 facilita a atacantes remotos descubrir en texto plano el contenido de las sesiones VPN mediante el rastreo de la red en busca de datos de texto cifrados y llevar a cabo un ataque de descifrado no especificado.\"}]",
      "id": "CVE-2015-7756",
      "lastModified": "2024-11-21T02:37:20.673",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-12-19T14:59:02.767",
      "references": "[{\"url\": \"http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/640184\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id/1034489\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://adamcaudill.com/2015/12/17/much-ado-about-juniper/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://github.com/hdm/juniper-cve-2015-7755\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/640184\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1034489\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://adamcaudill.com/2015/12/17/much-ado-about-juniper/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/hdm/juniper-cve-2015-7755\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-310\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-7756\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-12-19T14:59:02.767\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 makes it easier for remote attackers to discover the plaintext content of VPN sessions by sniffing the network for ciphertext data and conducting an unspecified decryption attack.\"},{\"lang\":\"es\",\"value\":\"La implementaci\u00f3n de cifrado en Juniper ScreenOS 6.2.0r15 hasta la versi\u00f3n 6.2.0r18, 6.3.0r12 en versiones anteriores a 6.3.0r12b, 6.3.0r13 en versiones anteriores a 6.3.0r13b, 6.3.0r14 en versiones anteriores a 6.3.0r14b, 6.3.0r15 en versiones anteriores a 6.3.0r15b, 6.3.0r16 en versiones anteriores a 6.3.0r16b, 6.3.0r17 en versiones anteriores a 6.3.0r17b, 6.3.0r18 en versiones anteriores a 6.3.0r18b, 6.3.0r19 en versiones anteriores a 6.3.0r19b y 6.3.0r20 en versiones anteriores a 6.3.0r21 facilita a atacantes remotos descubrir en texto plano el contenido de las sesiones VPN mediante el rastreo de la red en busca de datos de texto cifrados y llevar a cabo un ataque de descifrado no especificado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-310\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.2.0r15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6A62F5E-5E9B-4AF3-B4D0-1863FFD7AF2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.2.0r16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CBD7805-B9BD-4A51-B6AF-B0D4C66466A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.2.0r17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC0F87C3-666B-42D9-850B-88D55AC6FE62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.2.0r18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71906D2F-EA04-4B77-ABD5-B1BB4832E242\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:r12:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA1E16DB-CC63-4C17-97F1-7E96C00D4F0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:r14:*:*:*:*:*:*\",\"matchCriteriaId\":\"443A7726-36FD-4F15-A0E4-FD6CBE7E4EEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:r15:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A45A2F9-F33F-429B-A66D-B2BCBA7B8836\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:r16:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6923ED1-A07D-46FD-BB81-ECA920E13840\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:r17:*:*:*:*:*:*\",\"matchCriteriaId\":\"9323A380-A99C-4B35-B379-51A57CF17678\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:r18:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B6F2143-1B00-4F3D-9454-24A80D9C88FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:r19:*:*:*:*:*:*\",\"matchCriteriaId\":\"29AF89BB-010B-4E95-8E80-69749BDF4211\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:screenos:6.3.0:r20:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D1377D2-A31B-4081-890F-8955D86E50C1\"}]}]}],\"references\":[{\"url\":\"http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/640184\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1034489\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://adamcaudill.com/2015/12/17/much-ado-about-juniper/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/hdm/juniper-cve-2015-7755\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/640184\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1034489\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://adamcaudill.com/2015/12/17/much-ado-about-juniper/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/hdm/juniper-cve-2015-7755\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTFR-2015-AVI-550

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Juniper ScreenOS. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Juniper ScreenOS versions 6.3.0r20 et antérieures
	N/A	N/A	Juniper ScreenOS versions 6.2.0r18 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10712 du 16 décembre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10713 du 16 décembre 2015	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper ScreenOS versions 6.3.0r20 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper ScreenOS versions 6.2.0r18 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-7756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7756"
    },
    {
      "name": "CVE-2015-7754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7754"
    },
    {
      "name": "CVE-2015-7755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7755"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-550",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-12-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eJuniper ScreenOS\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer un d\u00e9ni de service \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper ScreenOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10712 du 16 d\u00e9cembre 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10712\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10713 du 16 d\u00e9cembre 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTFR-2016-AVI-117

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans Juniper ScreenOS. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Juniper ScreenOS versions antérieures à 6.3.0r22

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper du 06 avril 2016	None	vendor-advisory
ScreenOS 6.3.0r22	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eJuniper ScreenOS versions ant\u00e9rieures \u00e0 6.3.0r22\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-7756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7756"
    },
    {
      "name": "CVE-2015-7755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7755"
    }
  ],
  "links": [
    {
      "title": "ScreenOS 6.3.0r22",
      "url": "http://www.juniper.net/support/downloads/screenos.html"
    }
  ],
  "reference": "CERTFR-2016-AVI-117",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-04-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eJuniper\nScreenOS\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Juniper ScreenOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 06 avril 2016",
      "url": "http://forums.juniper.net/t5/Security-Incident-Response/Juniper-Networks-Completes-ScreenOS-Update/ba-p/290368"
    }
  ]
}

CERTFR-2016-AVI-117

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans Juniper ScreenOS. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Juniper ScreenOS versions antérieures à 6.3.0r22

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper du 06 avril 2016	None	vendor-advisory
ScreenOS 6.3.0r22	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eJuniper ScreenOS versions ant\u00e9rieures \u00e0 6.3.0r22\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-7756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7756"
    },
    {
      "name": "CVE-2015-7755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7755"
    }
  ],
  "links": [
    {
      "title": "ScreenOS 6.3.0r22",
      "url": "http://www.juniper.net/support/downloads/screenos.html"
    }
  ],
  "reference": "CERTFR-2016-AVI-117",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-04-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eJuniper\nScreenOS\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Juniper ScreenOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 06 avril 2016",
      "url": "http://forums.juniper.net/t5/Security-Incident-Response/Juniper-Networks-Completes-ScreenOS-Update/ba-p/290368"
    }
  ]
}

CERTFR-2015-AVI-550

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Juniper ScreenOS versions 6.3.0r20 et antérieures
	N/A	N/A	Juniper ScreenOS versions 6.2.0r18 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10712 du 16 décembre 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10713 du 16 décembre 2015	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper ScreenOS versions 6.3.0r20 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper ScreenOS versions 6.2.0r18 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-7756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7756"
    },
    {
      "name": "CVE-2015-7754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7754"
    },
    {
      "name": "CVE-2015-7755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7755"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-550",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-12-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eJuniper ScreenOS\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer un d\u00e9ni de service \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper ScreenOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10712 du 16 d\u00e9cembre 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10712\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10713 du 16 d\u00e9cembre 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CNVD-2015-08306

Vulnerability from cnvd - Published: 2015-12-21

Title

Juniper Networks ScreenOS存在后门漏洞（CNVD-2015-08306）

Description

ScreenOS是美国瞻博网络（Juniper Networks）公司开发的一款操作系统，主要运行在NetScreen系列的防火墙产品。 Juniper Networks ScreenOS存在未授权代码漏洞，攻击者可利用该漏洞解密NetScreen设备的VPN流量。

Severity

高

Patch Name

Juniper Networks ScreenOS存在后门漏洞（CNVD-2015-08306）的补丁

Patch Description

ScreenOS是美国瞻博网络（Juniper Networks）公司开发的一款操作系统，主要运行在NetScreen系列的防火墙产品。 Juniper Networks ScreenOS存在后门，攻击者可利用该漏洞解密NetScreen设备的VPN流量。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了升级程序修复该漏洞，请及时更新下载： http://www.juniper.net/support/downloads/screenos.html

Reference

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713&actp=search https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7756

Impacted products

Name
['Juniper Networks ScreenOS 6.2.0r15-6.2.0r18', 'Juniper Networks ScreenOS 6.3.0r12-6.3.0r20']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-7756"
    }
  },
  "description": "ScreenOS\u662f\u7f8e\u56fd\u77bb\u535a\u7f51\u7edc\uff08Juniper Networks\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3e\u64cd\u4f5c\u7cfb\u7edf\uff0c\u4e3b\u8981\u8fd0\u884c\u5728NetScreen\u7cfb\u5217\u7684\u9632\u706b\u5899\u4ea7\u54c1\u3002 \r\n\r\nJuniper Networks ScreenOS\u5b58\u5728\u672a\u6388\u6743\u4ee3\u7801\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u89e3\u5bc6NetScreen\u8bbe\u5907\u7684VPN\u6d41\u91cf\u3002",
  "discovererName": "Juniper Networks",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u8bf7\u53ca\u65f6\u66f4\u65b0\u4e0b\u8f7d\uff1a \r\nhttp://www.juniper.net/support/downloads/screenos.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-08306",
  "openTime": "2015-12-21",
  "patchDescription": "ScreenOS\u662f\u7f8e\u56fd\u77bb\u535a\u7f51\u7edc\uff08Juniper Networks\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3e\u64cd\u4f5c\u7cfb\u7edf\uff0c\u4e3b\u8981\u8fd0\u884c\u5728NetScreen\u7cfb\u5217\u7684\u9632\u706b\u5899\u4ea7\u54c1\u3002 \r\n\r\nJuniper Networks ScreenOS\u5b58\u5728\u540e\u95e8\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u89e3\u5bc6NetScreen\u8bbe\u5907\u7684VPN\u6d41\u91cf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Juniper Networks ScreenOS\u5b58\u5728\u540e\u95e8\u6f0f\u6d1e\uff08CNVD-2015-08306\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Juniper Networks ScreenOS 6.2.0r15-6.2.0r18",
      "Juniper Networks ScreenOS 6.3.0r12-6.3.0r20"
    ]
  },
  "referenceLink": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713\u0026actp=search \r\nhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7756",
  "serverity": "\u9ad8",
  "submitTime": "2015-12-21",
  "title": "Juniper Networks ScreenOS\u5b58\u5728\u540e\u95e8\u6f0f\u6d1e\uff08CNVD-2015-08306\uff09"
}

GHSA-FQ6R-QHQ8-2958

Vulnerability from github – Published: 2022-05-17 03:25 – Updated: 2025-04-12 12:55

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-7756"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-12-19T14:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 makes it easier for remote attackers to discover the plaintext content of VPN sessions by sniffing the network for ciphertext data and conducting an unspecified decryption attack.",
  "id": "GHSA-fq6r-qhq8-2958",
  "modified": "2025-04-12T12:55:06Z",
  "published": "2022-05-17T03:25:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7756"
    },
    {
      "type": "WEB",
      "url": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper"
    },
    {
      "type": "WEB",
      "url": "https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hdm/juniper-cve-2015-7755"
    },
    {
      "type": "WEB",
      "url": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic"
    },
    {
      "type": "WEB",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713"
    },
    {
      "type": "WEB",
      "url": "http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/640184"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1034489"
    },
    {
      "type": "WEB",
      "url": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2015-ALE-014

Vulnerability from certfr_alerte - Published: - Updated:

Une vulnérabilité a été découverte dans Juniper ScreenOS. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Solution

Une mise à jour de sécurité a été publiée hier sur le site officiel de Juniper.

Cette mise à jour corrige plusieurs failles de sécurité critiques au niveau du système ScreenOS, identifiées à la suite d'un audit de code interne réalisé par Juniper.

La première vulnérabilité corrigée permettait à un attaquant de se connecter, via les protocoles SSH ou telnet, à tout équipement réseau Juniper utilisant une version vulnérable du système d'exploitation ScreenOS (versions antérieures à 6.2.0r18 ou 6.3.0r20).

De plus, le mot de passe de la porte dérobée a été identifié et a été rendu public sur Internet.

Cette compromission peut être détectée par la présence dans les journaux de notifications de connexions "anormales" pendant lesquelles le passage en mode administrateur (system) s'effectue depuis un compte utilisateur "standard" (username2) :

    2015-12-17 09:00:00 system warn 00515 Admin user system has logged on 
        via SSH from [...]
    2015-12-17 09:00:00 system warn 00528 SSH: Password authentication 
        successful for admin user 'username2' at host [...]

Cependant la société Juniper souligne le fait qu'unattaquant, ayant le niveau requis pour exploiter cettevulnérabilité, aura vraisemblablement effacé toute trace de sesconnexions dans les journaux.

La société Fox-It propose des signatures au format Snort afin d'identifer toute tentative de connexion à un équipement Juniper vulnérable via la porte dérobée.

La seconde vulnérabilité permettait à un attaquant, en capacité d'écouter le trafic VPN émis depuis un équipement concerné, de déchiffrer ce trafic.

Le CERT-FR recommande donc aux utilisateur de Juniper ScreenOS de procéder à une mise à jour immédiate du système d'exploitation. De plus, le CERT-FR insiste sur l'importance d'isoler l'accès aux interfaces d'administration des équipements réseaux afin de n'autoriser que les connexions depuis des systèmes de confiance.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation)

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Juniper ScreenOS versions 6.3.0r12 à 6.3.0r20
	N/A	N/A	Juniper ScreenOS versions 6.2.0r15 à 6.2.0r18

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper SA10713 du 17 décembre 2015	None	vendor-advisory
ScreenOS 6.3.0r22	-	other
Annonce Juniper	-	other
Règles Snort de détection d'exploitation	-	other
CERTFR-2016-AVI-117	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper ScreenOS versions 6.3.0r12 \u00e0 6.3.0r20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper ScreenOS versions 6.2.0r15 \u00e0 6.2.0r18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2016-04-11",
  "content": "## Solution\n\nUne mise \u00e0 jour de s\u00e9curit\u00e9 a \u00e9t\u00e9 publi\u00e9e hier sur le site officiel de\nJuniper.\n\nCette mise \u00e0 jour corrige plusieurs failles de s\u00e9curit\u00e9 critiques au\nniveau du syst\u00e8me ScreenOS, identifi\u00e9es \u00e0 la suite d\u0027un audit de code\ninterne r\u00e9alis\u00e9 par Juniper.\n\nLa premi\u00e8re vuln\u00e9rabilit\u00e9 corrig\u00e9e permettait \u00e0 un attaquant de se\nconnecter, via les protocoles SSH ou telnet, \u00e0 tout \u00e9quipement r\u00e9seau\nJuniper utilisant une version vuln\u00e9rable du syst\u00e8me d\u0027exploitation\nScreenOS (versions ant\u00e9rieures \u00e0 6.2.0r18 ou 6.3.0r20).\n\nDe plus, le mot de passe de la porte d\u00e9rob\u00e9e a \u00e9t\u00e9 identifi\u00e9 et a \u00e9t\u00e9\nrendu public sur Internet.\n\nCette compromission peut \u00eatre d\u00e9tect\u00e9e par la pr\u00e9sence dans les journaux\nde notifications de connexions \"anormales\" pendant lesquelles le passage\nen mode administrateur (system) s\u0027effectue depuis un compte utilisateur\n\"standard\" (username2) :\n\n        2015-12-17 09:00:00 system warn 00515 Admin user system has logged on \n            via SSH from [...]\n        2015-12-17 09:00:00 system warn 00528 SSH: Password authentication \n            successful for admin user \u0027username2\u0027 at host [...]\n\nCependant la soci\u00e9t\u00e9 Juniper souligne le fait qu\u0027unattaquant, ayant le\nniveau requis pour exploiter cettevuln\u00e9rabilit\u00e9, aura vraisemblablement\neffac\u00e9 toute trace de sesconnexions dans les journaux.\n\nLa soci\u00e9t\u00e9 Fox-It propose des signatures au format Snort afin\nd\u0027identifer toute tentative de connexion \u00e0 un \u00e9quipement Juniper\nvuln\u00e9rable via la porte d\u00e9rob\u00e9e.\n\nLa seconde vuln\u00e9rabilit\u00e9 permettait \u00e0 un attaquant, en capacit\u00e9\nd\u0027\u00e9couter le trafic VPN \u00e9mis depuis un \u00e9quipement concern\u00e9, de\nd\u00e9chiffrer ce trafic.\n\nLe CERT-FR recommande donc aux utilisateur de Juniper ScreenOS de\nproc\u00e9der \u00e0 une mise \u00e0 jour imm\u00e9diate du syst\u00e8me d\u0027exploitation. De plus,\nle CERT-FR insiste sur l\u0027importance d\u0027isoler l\u0027acc\u00e8s aux interfaces\nd\u0027administration des \u00e9quipements r\u00e9seaux afin de n\u0027autoriser que les\nconnexions depuis des syst\u00e8mes de confiance.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation)\n",
  "cves": [
    {
      "name": "CVE-2015-7755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7755"
    },
    {
      "name": "CVE-2015-7756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7756"
    }
  ],
  "links": [
    {
      "title": "ScreenOS 6.3.0r22",
      "url": "http://www.juniper.net/support/downloads/screenos.html"
    },
    {
      "title": "Annonce Juniper",
      "url": "http://forums.juniper.net/t5/Security-Incident-Response/Juniper-Networks-Completes-ScreenOS-Update/ba-p/290368"
    },
    {
      "title": "R\u00e8gles Snort de d\u00e9tection d\u0027exploitation",
      "url": "https://gist.github.com/fox-srt/ca94b350f2a91bd8ed3f"
    },
    {
      "title": "CERTFR-2016-AVI-117",
      "url": "http://www.cert.ssi.gouv.fr/site/CERTFR-2016-AVI-117/"
    }
  ],
  "reference": "CERTFR-2015-ALE-014",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-12-18T00:00:00.000000"
    },
    {
      "description": "ajout de r\u00e8gles Snort dans les contournements provisoires.",
      "revision_date": "2015-12-21T00:00:00.000000"
    },
    {
      "description": "cl\u00f4ture de l\u0027alerte",
      "revision_date": "2016-04-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eJuniper\nScreenOS\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Juniper ScreenOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper SA10713 du 17 d\u00e9cembre 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTFR-2015-ALE-014

Vulnerability from certfr_alerte - Published: - Updated:

Une vulnérabilité a été découverte dans Juniper ScreenOS. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Solution

Une mise à jour de sécurité a été publiée hier sur le site officiel de Juniper.

Cette mise à jour corrige plusieurs failles de sécurité critiques au niveau du système ScreenOS, identifiées à la suite d'un audit de code interne réalisé par Juniper.

De plus, le mot de passe de la porte dérobée a été identifié et a été rendu public sur Internet.

    2015-12-17 09:00:00 system warn 00515 Admin user system has logged on 
        via SSH from [...]
    2015-12-17 09:00:00 system warn 00528 SSH: Password authentication 
        successful for admin user 'username2' at host [...]

La société Fox-It propose des signatures au format Snort afin d'identifer toute tentative de connexion à un équipement Juniper vulnérable via la porte dérobée.

La seconde vulnérabilité permettait à un attaquant, en capacité d'écouter le trafic VPN émis depuis un équipement concerné, de déchiffrer ce trafic.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation)

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Juniper ScreenOS versions 6.3.0r12 à 6.3.0r20
	N/A	N/A	Juniper ScreenOS versions 6.2.0r15 à 6.2.0r18

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper SA10713 du 17 décembre 2015	None	vendor-advisory
ScreenOS 6.3.0r22	-	other
Annonce Juniper	-	other
Règles Snort de détection d'exploitation	-	other
CERTFR-2016-AVI-117	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper ScreenOS versions 6.3.0r12 \u00e0 6.3.0r20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper ScreenOS versions 6.2.0r15 \u00e0 6.2.0r18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2016-04-11",
  "content": "## Solution\n\nUne mise \u00e0 jour de s\u00e9curit\u00e9 a \u00e9t\u00e9 publi\u00e9e hier sur le site officiel de\nJuniper.\n\nCette mise \u00e0 jour corrige plusieurs failles de s\u00e9curit\u00e9 critiques au\nniveau du syst\u00e8me ScreenOS, identifi\u00e9es \u00e0 la suite d\u0027un audit de code\ninterne r\u00e9alis\u00e9 par Juniper.\n\nLa premi\u00e8re vuln\u00e9rabilit\u00e9 corrig\u00e9e permettait \u00e0 un attaquant de se\nconnecter, via les protocoles SSH ou telnet, \u00e0 tout \u00e9quipement r\u00e9seau\nJuniper utilisant une version vuln\u00e9rable du syst\u00e8me d\u0027exploitation\nScreenOS (versions ant\u00e9rieures \u00e0 6.2.0r18 ou 6.3.0r20).\n\nDe plus, le mot de passe de la porte d\u00e9rob\u00e9e a \u00e9t\u00e9 identifi\u00e9 et a \u00e9t\u00e9\nrendu public sur Internet.\n\nCette compromission peut \u00eatre d\u00e9tect\u00e9e par la pr\u00e9sence dans les journaux\nde notifications de connexions \"anormales\" pendant lesquelles le passage\nen mode administrateur (system) s\u0027effectue depuis un compte utilisateur\n\"standard\" (username2) :\n\n        2015-12-17 09:00:00 system warn 00515 Admin user system has logged on \n            via SSH from [...]\n        2015-12-17 09:00:00 system warn 00528 SSH: Password authentication \n            successful for admin user \u0027username2\u0027 at host [...]\n\nCependant la soci\u00e9t\u00e9 Juniper souligne le fait qu\u0027unattaquant, ayant le\nniveau requis pour exploiter cettevuln\u00e9rabilit\u00e9, aura vraisemblablement\neffac\u00e9 toute trace de sesconnexions dans les journaux.\n\nLa soci\u00e9t\u00e9 Fox-It propose des signatures au format Snort afin\nd\u0027identifer toute tentative de connexion \u00e0 un \u00e9quipement Juniper\nvuln\u00e9rable via la porte d\u00e9rob\u00e9e.\n\nLa seconde vuln\u00e9rabilit\u00e9 permettait \u00e0 un attaquant, en capacit\u00e9\nd\u0027\u00e9couter le trafic VPN \u00e9mis depuis un \u00e9quipement concern\u00e9, de\nd\u00e9chiffrer ce trafic.\n\nLe CERT-FR recommande donc aux utilisateur de Juniper ScreenOS de\nproc\u00e9der \u00e0 une mise \u00e0 jour imm\u00e9diate du syst\u00e8me d\u0027exploitation. De plus,\nle CERT-FR insiste sur l\u0027importance d\u0027isoler l\u0027acc\u00e8s aux interfaces\nd\u0027administration des \u00e9quipements r\u00e9seaux afin de n\u0027autoriser que les\nconnexions depuis des syst\u00e8mes de confiance.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation)\n",
  "cves": [
    {
      "name": "CVE-2015-7755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7755"
    },
    {
      "name": "CVE-2015-7756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7756"
    }
  ],
  "links": [
    {
      "title": "ScreenOS 6.3.0r22",
      "url": "http://www.juniper.net/support/downloads/screenos.html"
    },
    {
      "title": "Annonce Juniper",
      "url": "http://forums.juniper.net/t5/Security-Incident-Response/Juniper-Networks-Completes-ScreenOS-Update/ba-p/290368"
    },
    {
      "title": "R\u00e8gles Snort de d\u00e9tection d\u0027exploitation",
      "url": "https://gist.github.com/fox-srt/ca94b350f2a91bd8ed3f"
    },
    {
      "title": "CERTFR-2016-AVI-117",
      "url": "http://www.cert.ssi.gouv.fr/site/CERTFR-2016-AVI-117/"
    }
  ],
  "reference": "CERTFR-2015-ALE-014",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-12-18T00:00:00.000000"
    },
    {
      "description": "ajout de r\u00e8gles Snort dans les contournements provisoires.",
      "revision_date": "2015-12-21T00:00:00.000000"
    },
    {
      "description": "cl\u00f4ture de l\u0027alerte",
      "revision_date": "2016-04-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eJuniper\nScreenOS\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Juniper ScreenOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper SA10713 du 17 d\u00e9cembre 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

GSD-2015-7756

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-7756

Aliases

CVE-2015-7756

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-7756",
    "description": "The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 makes it easier for remote attackers to discover the plaintext content of VPN sessions by sniffing the network for ciphertext data and conducting an unspecified decryption attack.",
    "id": "GSD-2015-7756"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-7756"
      ],
      "details": "The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 makes it easier for remote attackers to discover the plaintext content of VPN sessions by sniffing the network for ciphertext data and conducting an unspecified decryption attack.",
      "id": "GSD-2015-7756",
      "modified": "2023-12-13T01:20:01.957171Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-7756",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 makes it easier for remote attackers to discover the plaintext content of VPN sessions by sniffing the network for ciphertext data and conducting an unspecified decryption attack."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/",
            "refsource": "MISC",
            "url": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/"
          },
          {
            "name": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/",
            "refsource": "MISC",
            "url": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/"
          },
          {
            "name": "1034489",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1034489"
          },
          {
            "name": "VU#640184",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/640184"
          },
          {
            "name": "https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554",
            "refsource": "CONFIRM",
            "url": "https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554"
          },
          {
            "name": "https://github.com/hdm/juniper-cve-2015-7755",
            "refsource": "MISC",
            "url": "https://github.com/hdm/juniper-cve-2015-7755"
          },
          {
            "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713",
            "refsource": "CONFIRM",
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713"
          },
          {
            "name": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper/",
            "refsource": "MISC",
            "url": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper/"
          },
          {
            "name": "http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/",
            "refsource": "MISC",
            "url": "http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.2.0r17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.2.0r18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r19:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r20:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.2.0r15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.2.0r16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r17:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r18:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r15:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r16:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r12:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r14:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-7756"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 makes it easier for remote attackers to discover the plaintext content of VPN sessions by sniffing the network for ciphertext data and conducting an unspecified decryption attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-310"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/"
            },
            {
              "name": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/"
            },
            {
              "name": "https://github.com/hdm/juniper-cve-2015-7755",
              "refsource": "MISC",
              "tags": [],
              "url": "https://github.com/hdm/juniper-cve-2015-7755"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713"
            },
            {
              "name": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper/",
              "refsource": "MISC",
              "tags": [],
              "url": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper/"
            },
            {
              "name": "https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554"
            },
            {
              "name": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/"
            },
            {
              "name": "VU#640184",
              "refsource": "CERT-VN",
              "tags": [],
              "url": "http://www.kb.cert.org/vuls/id/640184"
            },
            {
              "name": "1034489",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1034489"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2016-12-07T18:25Z",
      "publishedDate": "2015-12-19T14:59Z"
    }
  }
}

VAR-201512-0519

Vulnerability from variot - Updated: 2023-12-18 13:14

The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 makes it easier for remote attackers to discover the plaintext content of VPN sessions by sniffing the network for ciphertext data and conducting an unspecified decryption attack. Juniper Networks ScreenOS versions 6.3.0r17 through 6.3.0r20 allows unauthorized remote administration access to the device. Juniper Networks ScreenOS versions 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 allow for an attacker to monitor and decrypt VPN traffic. ScreenOS is an operating system developed by Juniper Networks, Inc., which runs on the NetScreen family of firewall products. Juniper ScreenOS is prone to an unauthorized-access vulnerability and an information-disclosure vulnerability. Successful exploits may allow an attacker to obtain sensitive information or gain unauthorized administrative access. This may aid in further attacks. A security vulnerability exists in the encryption implementation of Juniper Networks ScreenOS

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0519",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "screenos",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "6.2.0r18"
      },
      {
        "model": "screenos",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "6.2.0r17"
      },
      {
        "model": "screenos",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "6.3.0"
      },
      {
        "model": "screenos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "6.2.0r15"
      },
      {
        "model": "screenos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "6.2.0r16"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "screenos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "6.2.0r15 to  6.2.0r18"
      },
      {
        "model": "screenos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "6.3.0r12 to  6.3.0r20"
      },
      {
        "model": "networks screenos 6.2.0r15-6.2.0r18",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "networks screenos 6.3.0r12-6.3.0r20",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#640184"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-08306"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006495"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7756"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-541"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.2.0r17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.2.0r18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r19:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r20:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.2.0r15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.2.0r16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r17:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r18:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r15:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r16:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r12:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:juniper:screenos:6.3.0:r14:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7756"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported these issues.",
    "sources": [
      {
        "db": "BID",
        "id": "79626"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-7756",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-7756",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2015-08306",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-85717",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-7756",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-08306",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201512-541",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-85717",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-7756",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-08306"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85717"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7756"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006495"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7756"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-541"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 makes it easier for remote attackers to discover the plaintext content of VPN sessions by sniffing the network for ciphertext data and conducting an unspecified decryption attack. Juniper Networks ScreenOS versions 6.3.0r17 through 6.3.0r20 allows unauthorized remote administration access to the device.  Juniper Networks ScreenOS versions 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 allow for an attacker to monitor and decrypt VPN traffic. ScreenOS is an operating system developed by Juniper Networks, Inc., which runs on the NetScreen family of firewall products. Juniper ScreenOS is prone to an unauthorized-access vulnerability and an information-disclosure vulnerability. \nSuccessful exploits may allow an attacker to obtain sensitive information or gain unauthorized administrative access. This may aid in further attacks. A security vulnerability exists in the encryption implementation of Juniper Networks ScreenOS",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7756"
      },
      {
        "db": "CERT/CC",
        "id": "VU#640184"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006495"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-08306"
      },
      {
        "db": "BID",
        "id": "79626"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85717"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7756"
      }
    ],
    "trust": 3.33
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-7756",
        "trust": 4.3
      },
      {
        "db": "JUNIPER",
        "id": "JSA10713",
        "trust": 3.2
      },
      {
        "db": "CERT/CC",
        "id": "VU#640184",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1034489",
        "trust": 1.2
      },
      {
        "db": "JVN",
        "id": "JVNVU94797797",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006495",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-541",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-08306",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "79626",
        "trust": 0.3
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-90140",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-85717",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7756",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#640184"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-08306"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85717"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7756"
      },
      {
        "db": "BID",
        "id": "79626"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006495"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7756"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-541"
      }
    ]
  },
  "id": "VAR-201512-0519",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-08306"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85717"
      }
    ],
    "trust": 1.33095236
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-08306"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:14:34.392000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "IMPORTANT JUNIPER SECURITY ANNOUNCEMENT",
        "trust": 0.8,
        "url": "https://forums.juniper.net/t5/security-incident-response/important-announcement-about-screenos/ba-p/285554"
      },
      {
        "title": "JSA10713",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10713\u0026actp=search"
      },
      {
        "title": "Juniper Networks ScreenOS has a backdoor vulnerability (CNVD-2015-08306) patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/68608"
      },
      {
        "title": "Juniper Networks ScreenOS Fixes for encryption problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=59310"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2016/01/26/juniper_us_government/"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2015/12/20/juniper_details_two_attacks_from_unauthorised_code/"
      },
      {
        "title": "juniper-cve-2015-7755",
        "trust": 0.1,
        "url": "https://github.com/hdm/juniper-cve-2015-7755 "
      },
      {
        "title": "Securelist",
        "trust": 0.1,
        "url": "https://securelist.com/threat-intelligence-report-for-the-telecommunications-industry/75846/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-08306"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7756"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006495"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-541"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85717"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006495"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7756"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.kb.cert.org/vuls/id/640184"
      },
      {
        "trust": 1.9,
        "url": "https://github.com/hdm/juniper-cve-2015-7755"
      },
      {
        "trust": 1.8,
        "url": "https://forums.juniper.net/t5/security-incident-response/important-announcement-about-screenos/ba-p/285554"
      },
      {
        "trust": 1.8,
        "url": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/"
      },
      {
        "trust": 1.8,
        "url": "http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/"
      },
      {
        "trust": 1.8,
        "url": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/"
      },
      {
        "trust": 1.8,
        "url": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper/"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10713"
      },
      {
        "trust": 1.6,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10713\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 1.6,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7756"
      },
      {
        "trust": 1.4,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7756"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1034489"
      },
      {
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=kb16765\u0026actp=search"
      },
      {
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=kb16446\u0026actp=search"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7755"
      },
      {
        "trust": 0.8,
        "url": "http://blog.cryptographyengineering.com/2015/12/on-juniper-backdoor.html"
      },
      {
        "trust": 0.8,
        "url": "https://rpw.sh/blog/2015/12/21/the-backdoored-backdoor/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu94797797/index.html"
      },
      {
        "trust": 0.6,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10713\u0026actp=search"
      },
      {
        "trust": 0.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10713"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/310.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#640184"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-08306"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85717"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7756"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006495"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7756"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-541"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#640184"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-08306"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85717"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7756"
      },
      {
        "db": "BID",
        "id": "79626"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006495"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7756"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-541"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-21T00:00:00",
        "db": "CERT/CC",
        "id": "VU#640184"
      },
      {
        "date": "2015-12-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-08306"
      },
      {
        "date": "2015-12-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85717"
      },
      {
        "date": "2015-12-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-7756"
      },
      {
        "date": "2015-12-17T00:00:00",
        "db": "BID",
        "id": "79626"
      },
      {
        "date": "2015-12-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006495"
      },
      {
        "date": "2015-12-19T14:59:02.767000",
        "db": "NVD",
        "id": "CVE-2015-7756"
      },
      {
        "date": "2015-12-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-541"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-22T00:00:00",
        "db": "CERT/CC",
        "id": "VU#640184"
      },
      {
        "date": "2015-12-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-08306"
      },
      {
        "date": "2016-12-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85717"
      },
      {
        "date": "2016-12-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-7756"
      },
      {
        "date": "2016-01-04T02:28:00",
        "db": "BID",
        "id": "79626"
      },
      {
        "date": "2015-12-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006495"
      },
      {
        "date": "2016-12-07T18:25:05.363000",
        "db": "NVD",
        "id": "CVE-2015-7756"
      },
      {
        "date": "2015-12-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-541"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-541"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Juniper ScreenOS contains multiple vulnerabilities",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#640184"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-541"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2015-7756

Vulnerability from fkie_nvd - Published: 2015-12-19 14:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/
cve@mitre.org	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713	Vendor Advisory
cve@mitre.org	http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/
cve@mitre.org	http://www.kb.cert.org/vuls/id/640184
cve@mitre.org	http://www.securitytracker.com/id/1034489
cve@mitre.org	http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/
cve@mitre.org	https://adamcaudill.com/2015/12/17/much-ado-about-juniper/
cve@mitre.org	https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554
cve@mitre.org	https://github.com/hdm/juniper-cve-2015-7755
af854a3a-2127-422b-91ae-364da2661108	http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/
af854a3a-2127-422b-91ae-364da2661108	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/640184
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1034489
af854a3a-2127-422b-91ae-364da2661108	http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/
af854a3a-2127-422b-91ae-364da2661108	https://adamcaudill.com/2015/12/17/much-ado-about-juniper/
af854a3a-2127-422b-91ae-364da2661108	https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554
af854a3a-2127-422b-91ae-364da2661108	https://github.com/hdm/juniper-cve-2015-7755

Impacted products

Vendor	Product	Version
juniper	screenos	6.2.0r15
juniper	screenos	6.2.0r16
juniper	screenos	6.2.0r17
juniper	screenos	6.2.0r18
juniper	screenos	6.3.0
juniper	screenos	6.3.0
juniper	screenos	6.3.0
juniper	screenos	6.3.0
juniper	screenos	6.3.0
juniper	screenos	6.3.0
juniper	screenos	6.3.0
juniper	screenos	6.3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.2.0r15:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6A62F5E-5E9B-4AF3-B4D0-1863FFD7AF2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.2.0r16:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CBD7805-B9BD-4A51-B6AF-B0D4C66466A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.2.0r17:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC0F87C3-666B-42D9-850B-88D55AC6FE62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.2.0r18:*:*:*:*:*:*:*",
              "matchCriteriaId": "71906D2F-EA04-4B77-ABD5-B1BB4832E242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r12:*:*:*:*:*:*",
              "matchCriteriaId": "AA1E16DB-CC63-4C17-97F1-7E96C00D4F0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r14:*:*:*:*:*:*",
              "matchCriteriaId": "443A7726-36FD-4F15-A0E4-FD6CBE7E4EEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r15:*:*:*:*:*:*",
              "matchCriteriaId": "0A45A2F9-F33F-429B-A66D-B2BCBA7B8836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r16:*:*:*:*:*:*",
              "matchCriteriaId": "B6923ED1-A07D-46FD-BB81-ECA920E13840",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r17:*:*:*:*:*:*",
              "matchCriteriaId": "9323A380-A99C-4B35-B379-51A57CF17678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r18:*:*:*:*:*:*",
              "matchCriteriaId": "5B6F2143-1B00-4F3D-9454-24A80D9C88FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r19:*:*:*:*:*:*",
              "matchCriteriaId": "29AF89BB-010B-4E95-8E80-69749BDF4211",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:screenos:6.3.0:r20:*:*:*:*:*:*",
              "matchCriteriaId": "1D1377D2-A31B-4081-890F-8955D86E50C1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 makes it easier for remote attackers to discover the plaintext content of VPN sessions by sniffing the network for ciphertext data and conducting an unspecified decryption attack."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n de cifrado en Juniper ScreenOS 6.2.0r15 hasta la versi\u00f3n 6.2.0r18, 6.3.0r12 en versiones anteriores a 6.3.0r12b, 6.3.0r13 en versiones anteriores a 6.3.0r13b, 6.3.0r14 en versiones anteriores a 6.3.0r14b, 6.3.0r15 en versiones anteriores a 6.3.0r15b, 6.3.0r16 en versiones anteriores a 6.3.0r16b, 6.3.0r17 en versiones anteriores a 6.3.0r17b, 6.3.0r18 en versiones anteriores a 6.3.0r18b, 6.3.0r19 en versiones anteriores a 6.3.0r19b y 6.3.0r20 en versiones anteriores a 6.3.0r21 facilita a atacantes remotos descubrir en texto plano el contenido de las sesiones VPN mediante el rastreo de la red en busca de datos de texto cifrados y llevar a cabo un ataque de descifrado no especificado."
    }
  ],
  "id": "CVE-2015-7756",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-12-19T14:59:02.767",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.kb.cert.org/vuls/id/640184"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1034489"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/hdm/juniper-cve-2015-7755"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10713"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.kb.cert.org/vuls/id/640184"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034489"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://adamcaudill.com/2015/12/17/much-ado-about-juniper/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/hdm/juniper-cve-2015-7755"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-7756 (GCVE-0-2015-7756)

Solution

Solution

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature