search menu icon-carat-right cmu-wordmark

CERT Coordination Center


Juniper ScreenOS contains multiple vulnerabilities

Vulnerability Note VU#640184

Original Release Date: 2015-12-21 | Last Revised: 2015-12-22

Overview

Juniper Networks ScreenOS versions 6.3.0r17 through 6.3.0r20 allows unauthorized remote administration access to the device. Juniper Networks ScreenOS versions 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 allow for an attacker to monitor and decrypt VPN traffic.

Description

According to Juniper Security Advisory #10713:


    During an internal code review, two security issues were identified.

    Administrative Access (CVE-2015-7755) allows unauthorized remote administrative access to the device. Exploitation of this vulnerability can lead to complete compromise of the affected device.

    This issue only affects ScreenOS 6.3.0r17 through 6.3.0r20.  No other Juniper products or versions of ScreenOS are affected by this issue.

    This issue has been assigned CVE-2015-7755


    VPN Decryption (CVE-2015-7756) may allow a knowledgeable attacker who can monitor VPN traffic to decrypt that traffic. It is independent of the first issue.

    This issue affects ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20. No other Juniper products or versions of ScreenOS are affected by this issue.

    There is no way to detect that this vulnerability was exploited.

    This issue has been assigned CVE-2015-7756.


    Juniper SIRT is not aware of any malicious exploitation of these vulnerabilities, however the password needed for the administrative access has been revealed publicly.

    No other Juniper Networks products or platforms are affected by these issues.

For more information, please see Juniper Security Advisory #10713.

Impact

An unauthorized remote attacker could gain privileged access to the device and compromise the confidentiality and integrity of its data.

Solution

Apply an update

Juniper has issued guidance to install the patched versions of ScreenOS.

Restrict Access

As a general good security practice, only allow connections from trusted hosts and networks.

Vendor Information

640184
Expand all

Juniper Networks

Notified:  December 21, 2015 Updated:  December 21, 2015

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713&cat=SIRT_1&actp=LIST

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal 8.3 E:F/RL:OF/RC:C
Environmental 6.2 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

Credit

Thanks to the Juniper SIRT Team.

This document was written by Brian Gardiner.

Other Information

CVE IDs: CVE-2015-7755, CVE-2015-7756
Date Public: 2015-12-17
Date First Published: 2015-12-21
Date Last Updated: 2015-12-22 22:15 UTC
Document Revision: 32

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.