Vulnerability Details : CVE-2015-3006
On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has been up and running for some time, but immediately after boot, the entropy is very low. This issue only affects the QFX3500 and QFX3600 switches. No other Juniper Networks products or platforms are affected by this weak entropy vulnerability.
Products affected by CVE-2015-3006
- cpe:2.3:o:juniper:junos:13.2x52:d10:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:13.1x50:d25:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:13.2x51:d15:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:13.2x51:d20:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:14.1x53:-:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.2x50:d10:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.2x50:d20:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.2x50:d41.1:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.2x50:d42.1:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:12.2x50:d56.1:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:13.1x50:d10:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:13.2x51:d20.2:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:13.2x51:d21:*:*:*:*:*:*
- cpe:2.3:o:juniper:junos:13.2x52:d5:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-3006
- EPSS score: 0.07% (probability of exploitation activity in the next 30 days)
- Percentile: ~27% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2015-3006
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:L/Au:S/C:C/I:N/A:N | 8.0 | 6.9 | NIST | |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 | MITRE | |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2015-3006
- The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-3006
- https://kb.juniper.net/JSA10678 (Vendor Advisory)