Details of VAR-202002-0863

ID

VAR-202002-0863

CVE

CVE-2015-3006

TITLE

QFX3500 and QFX3600 Switch vulnerabilities to lack of entropy

Trust: 0.8

sources: JVNDB: JVNDB-2015-008625

DESCRIPTION

On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has been up and running for some time, but immediately after boot, the entropy is very low. This issue only affects the QFX3500 and QFX3600 switches. No other Juniper Networks products or platforms are affected by this weak entropy vulnerability. QFX3500 and QFX3600 The switch is vulnerable to lack of entropy.Information may be obtained. There are security holes in Juniper Networks QFX3500 and QFX3600 switches. A remote attacker could use this vulnerability to perform a man-in-the-middle attack, gaining unauthorized access to sensitive information and systems. This aids in other attacks

Trust: 2.43

sources: NVD: CVE-2015-3006 // JVNDB: JVNDB-2015-008625 // CNVD: CNVD-2020-15148 // BID: 74020

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-15148

AFFECTED PRODUCTS

vendor:	juniper	model:	junos	scope:	eq	version:	13.2x51	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	13.2x52	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	14.1x53	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	13.1x50	Trust: 1.0
vendor:	juniper	model:	junos	scope:	eq	version:	12.2x50	Trust: 1.0
vendor:	juniper	model:	junos os	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	networks juniper networks qfx3500	scope:	-	version:	-	Trust: 0.6
vendor:	juniper	model:	networks qfx3600	scope:	-	version:	-	Trust: 0.6
vendor:	juniper	model:	qfx3600	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	qfx3500	scope:	eq	version:	0	Trust: 0.3
vendor:	juniper	model:	junos 14.1x50-d70	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2x51-d20	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2x51-d15	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2x50-d20	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2x50-d15.3	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.1x49-d55	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.1x49-d49	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.2x50-d50.1	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.2x50-d40.5	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.2x50-d20.4	scope:	-	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 14.1x53-d10	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2x52-d15	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2x51-d30	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.2x51-d25	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 13.1x50-d30	scope:	ne	version:	-	Trust: 0.3
vendor:	juniper	model:	junos 12.2x50-d70	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2020-15148 // BID: 74020 // JVNDB: JVNDB-2015-008625 // NVD: CVE-2015-3006

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-3006
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2015-3006
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2015-008625
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-15148
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201506-523
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2015-3006
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2015-008625
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-15148
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2015-3006
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	JVNDB-2015-008625
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-15148 // JVNDB: JVNDB-2015-008625 // CNNVD: CNNVD-201506-523 // NVD: CVE-2015-3006 // NVD: CVE-2015-3006

PROBLEMTYPE DATA

problemtype:

CWE-331

Trust: 1.8

sources: JVNDB: JVNDB-2015-008625 // NVD: CVE-2015-3006

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-523

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-201506-523

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-008625

PATCH

title:	JSA10678	url:	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10678&actp=METADATA	Trust: 0.8
title:	Patch for Juniper Networks QFX3500 and QFX3600 Switch Unauthorized Access Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/206549	Trust: 0.6

sources: CNVD: CNVD-2020-15148 // JVNDB: JVNDB-2015-008625

EXTERNAL IDS

db:	NVD	id:	CVE-2015-3006	Trust: 3.3
db:	JUNIPER	id:	JSA10678	Trust: 1.9
db:	BID	id:	74020	Trust: 0.9
db:	JVNDB	id:	JVNDB-2015-008625	Trust: 0.8
db:	CNVD	id:	CNVD-2020-15148	Trust: 0.6
db:	CNNVD	id:	CNNVD-201506-523	Trust: 0.6

sources: CNVD: CNVD-2020-15148 // BID: 74020 // JVNDB: JVNDB-2015-008625 // CNNVD: CNNVD-201506-523 // NVD: CVE-2015-3006

REFERENCES

url:	https://kb.juniper.net/jsa10678	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3006	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3006	Trust: 0.8
url:	http://www.securityfocus.com/bid/74020	Trust: 0.6
url:	http://www.juniper.net/	Trust: 0.3
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10678&cat=sirt_1&actp=list	Trust: 0.3

sources: CNVD: CNVD-2020-15148 // BID: 74020 // JVNDB: JVNDB-2015-008625 // CNNVD: CNNVD-201506-523 // NVD: CVE-2015-3006

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 74020

SOURCES

db:	CNVD	id:	CNVD-2020-15148
db:	BID	id:	74020
db:	JVNDB	id:	JVNDB-2015-008625
db:	CNNVD	id:	CNNVD-201506-523
db:	NVD	id:	CVE-2015-3006

LAST UPDATE DATE

2024-11-23T22:25:36.529000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-15148	date:	2020-03-03T00:00:00
db:	BID	id:	74020	date:	2015-04-09T00:00:00
db:	JVNDB	id:	JVNDB-2015-008625	date:	2020-03-19T00:00:00
db:	CNNVD	id:	CNNVD-201506-523	date:	2020-03-13T00:00:00
db:	NVD	id:	CVE-2015-3006	date:	2024-11-21T02:28:29.740

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-15148	date:	2020-03-03T00:00:00
db:	BID	id:	74020	date:	2015-04-09T00:00:00
db:	JVNDB	id:	JVNDB-2015-008625	date:	2020-03-19T00:00:00
db:	CNNVD	id:	CNNVD-201506-523	date:	2015-04-09T00:00:00
db:	NVD	id:	CVE-2015-3006	date:	2020-02-28T23:15:11.010