CVE-2015-3007

The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the "set system ports console insecure" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10683	Vendor Advisory
http://www.securitytracker.com/id/1032841
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10683	Vendor Advisory
http://www.securitytracker.com/id/1032841

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:juniper:junos:12.1x46:::::::*
	cpe:2.3:o:juniper:junos:12.1x46:d10::::::
	cpe:2.3:o:juniper:junos:12.1x46:d15::::::
	cpe:2.3:o:juniper:junos:12.1x46:d20::::::
	cpe:2.3:o:juniper:junos:12.1x46:d25::::::
	cpe:2.3:o:juniper:junos:12.1x46:d30::::::
	cpe:2.3:o:juniper:junos:12.1x47:::::::*
	cpe:2.3:o:juniper:junos:12.1x47:d10::::::
	cpe:2.3:o:juniper:junos:12.1x47:d20::::::
	cpe:2.3:o:juniper:junos:12.3x48:::::::*
	cpe:2.3:o:juniper:junos:12.3x48:d10::::::
	cpe:2.3:o:juniper:junos:12.3x48:d5::::::

History

21 Nov 2024, 02:28

Type	Values Removed	Values Added
References	~~() http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10683 - Vendor Advisory~~	() http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10683 - Vendor Advisory
References	~~() http://www.securitytracker.com/id/1032841 -~~	() http://www.securitytracker.com/id/1032841 -

Information

Published : 2015-07-14 17:59

Updated : 2024-11-21 02:28

NVD link : CVE-2015-3007

Mitre link : CVE-2015-3007

CVE.ORG link : CVE-2015-3007

JSON object : View

Products Affected

juniper

junos

CWE

CWE-284

Improper Access Control

{"id": "CVE-2015-3007", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-07-14T17:59:03.400", "references": [{"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10683", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id/1032841", "source": "cve@mitre.org"}, {"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10683", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1032841", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the \"set system ports console insecure\" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port."}, {"lang": "es", "value": "La serie SRX de Juniper de servicios de puerta de enlace con sistema operativo Junos 12.1X46-D35, 12.1X47 anteriores a 12.1X47-D25 y 12.3X48 anteriores a 12.3X48-D15, no implementa adecuadamente la caracter\u00edstica 'set system ports console insecure' (conjunto de puertos del sistema de ajuste de la consola insegura), lo que permite a atacantes pr\u00f3ximos f\u00edsicamente obtener privilegios administrativos mediante el aprovechamiento de acceso al puerto de la consola."}], "lastModified": "2024-11-21T02:28:29.900", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:12.1x46:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFB89F64-16BB-4A14-9084-B338668D7FF1"}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A71742CF-50B1-44BB-AB7B-27E5DCC9CF70"}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FD4237A-C257-4D8A-ABC4-9B2160530A4E"}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d20:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A449C87-C5C3-48FE-9E46-64ED5DD5F193"}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d25:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4B6215F-76BF-473F-B325-0975B0EB101E"}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d30:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1C4A10C-49A3-4103-9E56-F881113BC5D7"}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x47:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BB3DE56-1B04-4A53-B4A4-93286FC98463"}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x47:d10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "181C0D30-4476-48EE-A4A4-3B2461F4AC20"}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x47:d20:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "040A6307-236E-4FAA-9A74-676F1DB0CF17"}, {"criteria": "cpe:2.3:o:juniper:junos:12.3x48:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7192552C-7D4A-4D95-BA79-CDF465E27D37"}, {"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B7066A4-CD05-4E1A-89E8-71B4CB92CFF3"}, {"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45380883-DDAD-4046-AE92-9E030371B84F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}