Vulnerability Details : CVE-2015-7755
Public exploit exists!
Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 allows remote attackers to obtain administrative access by entering an unspecified password during a (1) SSH or (2) TELNET session.
Products affected by CVE-2015-7755
- cpe:2.3:o:juniper:screenos:6.3.0:r17:*:*:*:*:*:*
- cpe:2.3:o:juniper:screenos:6.3.0:r20:*:*:*:*:*:*
- cpe:2.3:o:juniper:screenos:6.3.0:r18:*:*:*:*:*:*
- cpe:2.3:o:juniper:screenos:6.3.0:r19:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-7755
87.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2015-7755
-
Juniper SSH Backdoor Scanner
Disclosure Date: 2015-12-20First seen: 2020-04-26auxiliary/scanner/ssh/juniper_backdoorThis module scans for the Juniper SSH backdoor (also valid on Telnet). Any username is required, and the password is <<< %s(un='%s') = %u. Authors: - hdm <x@hdm.io> - h00die <mike@stcyrsecurity.com>
CVSS scores for CVE-2015-7755
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2015-7755
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-7755
-
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713
Juniper Networks - 2015-12 Out of Cycle Security Bulletin: ScreenOS: Multiple Security issues with ScreenOS (CVE-2015-7755, CVE-2015-7756)Exploit;Vendor Advisory
-
http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/
“Unauthorized code” in Juniper firewalls decrypts encrypted VPN traffic | Ars Technica
-
https://github.com/hdm/juniper-cve-2015-7755
GitHub - hdm/juniper-cve-2015-7755: Notes, binaries, and related information from analysis of the CVE-2015-7755 & CVE-2015-7756 issues within Juniper ScreenOS
-
http://www.securityfocus.com/bid/79626
Juniper ScreenOS CVE-2015-7755 Unauthorized Access and Information Disclosure Vulnerabilities
-
http://twitter.com/cryptoron/statuses/677900647560253442
Ronald Prins on Twitter: "Hmmm. It took @foxit 6 hours to find the password for the ssh/telnet backdoor in the vulnerable Juniper firewalss. Patch now"
-
http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/
Secret Code Found in Juniper's Firewalls Shows Risk of Government Backdoors | WIRED
-
http://www.securitytracker.com/id/1034489
Juniper ScreenOS Unauthorized Code Lets Remote Users Gain Administrative Access and Also Decrypt VPN Data - SecurityTracker
-
https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554
Important Announcement about ScreenOS® - J-Net Community
-
http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/
Juniper Says It Didn't Work With Government To Add 'Unauthorized Code' To Network Gear
-
http://www.kb.cert.org/vuls/id/640184
VU#640184 - Juniper ScreenOS contains multiple vulnerabilities
-
https://adamcaudill.com/2015/12/17/much-ado-about-juniper/
Much ado about Juniper — Adam Caudill
Jump to