Lucene search

[email protected]CVE-2015-3007

HistoryJul 14, 2015 - 5:59 p.m.

CVE-2015-3007

2015-07-1417:59:03

CWE-284

[email protected]

web.nvd.nist.gov

cve-2015-3007

juniper

srx series

junos os

unauthorized access

insecure console port

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

12.6%

JSON

The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the “set system ports console insecure” feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port.

Affected configurations

NVD

Node

juniperjunosMatch12.1x46

juniperjunosMatch12.1x46d10

juniperjunosMatch12.1x46d15

juniperjunosMatch12.1x46d20

juniperjunosMatch12.1x46d25

juniperjunosMatch12.1x46d30

juniperjunosMatch12.1x47

juniperjunosMatch12.1x47d10

juniperjunosMatch12.1x47d20

juniperjunosMatch12.3x48

juniperjunosMatch12.3x48d10

juniperjunosMatch12.3x48d5

CPENameOperatorVersion
juniper:junosjuniper junoseq12.1x46
juniper:junosjuniper junoseq12.1x47
juniper:junosjuniper junoseq12.3x48

CPE	Name	Operator	Version
juniper:junos	juniper junos	eq	12.1x46
juniper:junos	juniper junos	eq	12.1x47
juniper:junos	juniper junos	eq	12.3x48

References

kb.juniper.net/InfoCenter/index?page=content&id=JSA10683

www.securitytracker.com/id/1032841

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

12.6%

JSON

Related for CVE-2015-3007

openvas1 nvd1 nessus1 prion1 cvelist1