Executive Summary

Summary
Title Juniper ScreenOS contains multiple vulnerabilities
Informations
Name VU#640184 First vendor Publication 2015-12-21
Vendor VU-CERT Last vendor Modification 2015-12-22
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#640184

Juniper ScreenOS contains multiple vulnerabilities

Original Release date: 21 Dec 2015 | Last revised: 22 Dec 2015

Overview

Juniper Networks ScreenOS versions 6.3.0r17 through 6.3.0r20 allows unauthorized remote administration access to the device. Juniper Networks ScreenOS versions 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 allow for an attacker to monitor and decrypt VPN traffic.

Description

According to Juniper Security Advisory #10713:

    During an internal code review, two security issues were identified.

    Administrative Access (CVE-2015-7755) allows unauthorized remote administrative access to the device. Exploitation of this vulnerability can lead to complete compromise of the affected device.

    This issue only affects ScreenOS 6.3.0r17 through 6.3.0r20. No other Juniper products or versions of ScreenOS are affected by this issue.

    This issue has been assigned CVE-2015-7755


    VPN Decryption (CVE-2015-7756) may allow a knowledgeable attacker who can monitor VPN traffic to decrypt that traffic. It is independent of the first issue.

    This issue affects ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20. No other Juniper products or versions of ScreenOS are affected by this issue.

    There is no way to detect that this vulnerability was exploited.

    This issue has been assigned CVE-2015-7756.


    Juniper SIRT is not aware of any malicious exploitation of these vulnerabilities,however the password needed for the administrative access has been revealed publicly.

    No other Juniper Networks products or platforms are affected by these issues.


For more information, please see Juniper Security Advisory #10713.

Impact

An unauthorized remote attacker could gain privileged access to the device and compromise the confidentiality and integrity of its data.

Solution

Apply an update

Juniper has issued guidance to install the patched versions of ScreenOS.

Restrict Access

As a general good security practice, only allow connections from trusted hosts and networks.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
Juniper NetworksAffected21 Dec 201521 Dec 2015
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

GroupScoreVector
Base10.0AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal8.3E:F/RL:OF/RC:C
Environmental6.2CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

  • https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713&cat=SIRT_1&actp=LIST
  • http://kb.juniper.net/InfoCenter/index?page=content&id=KB16765&actp=search
  • http://kb.juniper.net/InfoCenter/index?page=content&id=KB16446&actp=search
  • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7755
  • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7756
  • http://blog.cryptographyengineering.com/2015/12/on-juniper-backdoor.html
  • https://rpw.sh/blog/2015/12/21/the-backdoored-backdoor/

Credit

Thanks to the Juniper SIRT Team.

This document was written by Brian Gardiner.

Other Information

  • CVE IDs:CVE-2015-7755CVE-2015-7756
  • Date Public:17 Dec 2015
  • Date First Published:21 Dec 2015
  • Date Last Updated:22 Dec 2015
  • Document Revision:32

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/640184

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-310 Cryptographic Issues
50 % CWE-287 Improper Authentication

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 12

Snort® IPS/IDS

Date Description
2016-03-14 Juniper ScreenOS unauthorized backdoor access attempt
RuleID : 37146 - Revision : 4 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2015-12-23 Name : An account on the remote host uses a known password.
File : screenos_ssh_auth_bypass.nasl - Type : ACT_GATHER_INFO
2015-12-18 Name : The remote host is affected by multiple vulnerabilities.
File : screenos_JSA10713.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2015-12-24 13:25:54
  • Multiple Updates
2015-12-23 00:22:48
  • Multiple Updates
2015-12-22 21:23:16
  • Multiple Updates
2015-12-22 00:23:07
  • First insertion