Detections
Analytics
Juniper ScreenOS 6.2.0r15 < 6.2.0r19 / 6.3.0r12 < 6.3.0r21 Multiple Vulnerabilities (JSA10713)
critical Nessus Plugin ID 87507
Language:
Synopsis
The remote host is affected by multiple vulnerabilities.Description
The remote host is running a version of Juniper ScreenOS that is 6.2.x prior to 6.2.0r19 or 6.3.x prior to 6.3.0r21. It is, therefore, affected by multiple vulnerabilities :- A backdoor exists that allows a remote attacker administrative access to the device over SSH or telnet.
(CVE-2015-7755)
- An unspecified flaw exists that allows a man-in-the-middle attacker to decrypt VPN traffic.
(CVE-2015-7756)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Juniper ScreenOS 6.2.0r19 / 6.3.0r21 or later.Alternatively, apply the appropriate patch referenced in the vendor advisory.
See Also
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713
Plugin Details
Severity: Critical
ID: 87507
File Name: screenos_JSA10713.nasl
Version: 1.13
Type: local
Family: Firewalls
Published: 12/18/2015
Updated: 9/17/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2015-7755
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:juniper:screenos
Required KB Items: Host/Juniper/ScreenOS/display_version, Host/Juniper/ScreenOS/version
Exploit Ease: No known exploits are available
Patch Publication Date: 12/17/2015
Vulnerability Publication Date: 12/17/2015
Reference Information
CVE: CVE-2015-7755, CVE-2015-7756
BID: 79626
CERT: 640184
JSA: JSA10713