10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.971 High
EPSS
Percentile
99.8%
Juniper Networks ScreenOS versions 6.3.0r17 through 6.3.0r20 allows unauthorized remote administration access to the device. Juniper Networks ScreenOS versions 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 allow for an attacker to monitor and decrypt VPN traffic.
According to Juniper Security Advisory #10713:
During an internal code review, two security issues were identified.
_Administrative Access (CVE-2015-7755) allows unauthorized remote administrative access to the device. Exploitation of this vulnerability can lead to complete compromise of the affected device. _
This issue only affects ScreenOS 6.3.0r17 through 6.3.0r20. No other Juniper products or versions of ScreenOS are affected by this issue.
_This issue has been assigned _CVE-2015-7755
VPN Decryption (CVE-2015-7756) may allow a knowledgeable attacker who can monitor VPN traffic to decrypt that traffic. It is independent of the first issue.
This issue affects ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20. No other Juniper products or versions of ScreenOS are affected by this issue.
There is no way to detect that this vulnerability was exploited.
This issue has been assigned CVE-2015-7756.
Juniper SIRT is not aware of any malicious exploitation of these vulnerabilities, however the password needed for the administrative access has been revealed publicly.
An unauthorized remote attacker could gain privileged access to the device and compromise the confidentiality and integrity of its data.
Apply an update
Juniper has issued guidance to install the patched versions of ScreenOS.
Restrict Access
As a general good security practice, only allow connections from trusted hosts and networks.
640184
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: December 21, 2015 Updated: December 21, 2015
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Temporal | 8.3 | E:F/RL:OF/RC:C |
Environmental | 6.2 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
Thanks to the Juniper SIRT Team.
This document was written by Brian Gardiner.
CVE IDs: | CVE-2015-7755, CVE-2015-7756 |
---|---|
Date Public: | 2015-12-17 Date First Published: |
blog.cryptographyengineering.com/2015/12/on-juniper-backdoor.html
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7755
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7756
kb.juniper.net/InfoCenter/index?page=content&id=KB16446&actp=search
kb.juniper.net/InfoCenter/index?page=content&id=KB16765&actp=search
kb.juniper.net/InfoCenter/index?page=content&id=JSA10713&cat=SIRT_1&actp=LIST
rpw.sh/blog/2015/12/21/the-backdoored-backdoor/