Sign-up

ID

VAR-201601-0585


CVE

CVE-2015-7754


TITLE

Juniper ScreenOS Denial of service in Japan (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-006755

DESCRIPTION

Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation. Juniper ScreenOS is prone to a denial of service vulnerability. An attacker can exploit this issue to crash the affected application; denying service to legitimate users. Due to the nature of this issue, code-execution may be possible but this has not been confirmed. Juniper Networks Juniper ScreenOS is Juniper Networks ( Juniper Networks ) company’s set of operations that operate on NetScreen operating system in series firewalls. Juniper Networks ScreenOS 6.3.0r21 There was a security hole in the previous version

Trust: 1.98

sources: NVD: CVE-2015-7754 // JVNDB: JVNDB-2015-006755 // BID: 79627 // VULHUB: VHN-85715

AFFECTED PRODUCTS

vendor:junipermodel:screenosscope:lteversion:6.3.0

Trust: 1.0

vendor:junipermodel:screenosscope:ltversion:6.3.0r21

Trust: 0.8

vendor:junipermodel:screenosscope:eqversion:6.3.0

Trust: 0.6

vendor:junipermodel:screenos 6.3.0r20scope: - version: -

Trust: 0.3

sources: BID: 79627 // JVNDB: JVNDB-2015-006755 // CNNVD: CNNVD-201512-545 // NVD: CVE-2015-7754

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7754
value: HIGH

Trust: 1.0

NVD: CVE-2015-7754
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201512-545
value: CRITICAL

Trust: 0.6

VULHUB: VHN-85715
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-7754
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-85715
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-7754
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-85715 // JVNDB: JVNDB-2015-006755 // CNNVD: CNNVD-201512-545 // NVD: CVE-2015-7754

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-85715 // JVNDB: JVNDB-2015-006755 // NVD: CVE-2015-7754

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-545

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201512-545

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006755

PATCH
title:JSA10712url:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10712
Trust: 0.8
title:Juniper Networks ScreenOS Remediation measures for denial of service vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59312
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-006755 // 
            
            
            
            CNNVD: CNNVD-201512-545

EXTERNAL IDS
db:NVDid:CVE-2015-7754
Trust: 2.8
db:BIDid:79627
Trust: 2.0
db:JUNIPERid:JSA10712
Trust: 2.0
db:SECTRACKid:1034490
Trust: 1.7
db:JVNDBid:JVNDB-2015-006755
Trust: 0.8
db:CNNVDid:CNNVD-201512-545
Trust: 0.7
db:VULHUBid:VHN-85715
Trust: 0.1
sources:
            
            
            VULHUB: VHN-85715 // 
            
            
            
            BID: 79627 // 
            
            
            
            JVNDB: JVNDB-2015-006755 // 
            
            
            
            CNNVD: CNNVD-201512-545 // 
            
            
            
            NVD: CVE-2015-7754

REFERENCES
url:http://www.securityfocus.com/bid/79627
Trust: 1.7
url:http://www.securitytracker.com/id/1034490
Trust: 1.7
url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10712
Trust: 1.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7754
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7754
Trust: 0.8
url:http://www.juniper.net/
Trust: 0.3
url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10712&actp=rss
Trust: 0.3
url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10712
Trust: 0.1
sources:
            
            
            VULHUB: VHN-85715 // 
            
            
            
            BID: 79627 // 
            
            
            
            JVNDB: JVNDB-2015-006755 // 
            
            
            
            CNNVD: CNNVD-201512-545 // 
            
            
            
            NVD: CVE-2015-7754

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 79627

SOURCES
db:VULHUBid:VHN-85715
db:BIDid:79627
db:JVNDBid:JVNDB-2015-006755
db:CNNVDid:CNNVD-201512-545
db:NVDid:CVE-2015-7754

LAST UPDATE DATE
2024-11-23T23:02:38.742000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-85715date:2016-01-13T00:00:00
db:BIDid:79627date:2015-12-17T00:00:00
db:JVNDBid:JVNDB-2015-006755date:2016-01-14T00:00:00
db:CNNVDid:CNNVD-201512-545date:2016-01-11T00:00:00
db:NVDid:CVE-2015-7754date:2024-11-21T02:37:20.373

SOURCES RELEASE DATE
db:VULHUBid:VHN-85715date:2016-01-08T00:00:00
db:BIDid:79627date:2015-12-17T00:00:00
db:JVNDBid:JVNDB-2015-006755date:2016-01-14T00:00:00
db:CNNVDid:CNNVD-201512-545date:2015-12-21T00:00:00
db:NVDid:CVE-2015-7754date:2016-01-08T19:59:08.177