CVE-2015-3007 - OpenCVE

The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the "set system ports console insecure" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Juniper	Junos

Configuration 1 [-]

OR	cpe:2.3:o:juniper:junos:12.1x46:::::::*
	cpe:2.3:o:juniper:junos:12.1x46:d10::::::
	cpe:2.3:o:juniper:junos:12.1x46:d15::::::
	cpe:2.3:o:juniper:junos:12.1x46:d20::::::
	cpe:2.3:o:juniper:junos:12.1x46:d25::::::
	cpe:2.3:o:juniper:junos:12.1x46:d30::::::
	cpe:2.3:o:juniper:junos:12.1x47:::::::*
	cpe:2.3:o:juniper:junos:12.1x47:d10::::::
	cpe:2.3:o:juniper:junos:12.1x47:d20::::::
	cpe:2.3:o:juniper:junos:12.3x48:::::::*
	cpe:2.3:o:juniper:junos:12.3x48:d10::::::
	cpe:2.3:o:juniper:junos:12.3x48:d5::::::

No data.

References

Link	Providers
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10683
http://www.securitytracker.com/id/1032841

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-07-14T17:00:00

Updated: 2024-08-06T05:32:21.360Z

Reserved: 2015-04-07T00:00:00

Link: CVE-2015-3007

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2015-07-14T17:59:03.400

Modified: 2015-07-15T18:31:28.153

Link: CVE-2015-3007

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-07-08T00:00:00", "descriptions": [{"lang": "en", "value": "The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the \"set system ports console insecure\" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-07-14T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10683"}, {"name": "1032841", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032841"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-3007", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the \"set system ports console insecure\" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10683", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10683"}, {"name": "1032841", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032841"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:32:21.360Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10683"}, {"name": "1032841", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1032841"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-3007", "datePublished": "2015-07-14T17:00:00", "dateReserved": "2015-04-07T00:00:00", "dateUpdated": "2024-08-06T05:32:21.360Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:12.1x46:*:*:*:*:*:*:*", "matchCriteriaId": "CFB89F64-16BB-4A14-9084-B338668D7FF1", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:*", "matchCriteriaId": "A71742CF-50B1-44BB-AB7B-27E5DCC9CF70", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:*", "matchCriteriaId": "4FD4237A-C257-4D8A-ABC4-9B2160530A4E", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d20:*:*:*:*:*:*", "matchCriteriaId": "5A449C87-C5C3-48FE-9E46-64ED5DD5F193", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d25:*:*:*:*:*:*", "matchCriteriaId": "F4B6215F-76BF-473F-B325-0975B0EB101E", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x46:d30:*:*:*:*:*:*", "matchCriteriaId": "A1C4A10C-49A3-4103-9E56-F881113BC5D7", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x47:*:*:*:*:*:*:*", "matchCriteriaId": "0BB3DE56-1B04-4A53-B4A4-93286FC98463", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x47:d10:*:*:*:*:*:*", "matchCriteriaId": "181C0D30-4476-48EE-A4A4-3B2461F4AC20", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.1x47:d20:*:*:*:*:*:*", "matchCriteriaId": "040A6307-236E-4FAA-9A74-676F1DB0CF17", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.3x48:*:*:*:*:*:*:*", "matchCriteriaId": "7192552C-7D4A-4D95-BA79-CDF465E27D37", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d10:*:*:*:*:*:*", "matchCriteriaId": "4B7066A4-CD05-4E1A-89E8-71B4CB92CFF3", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:12.3x48:d5:*:*:*:*:*:*", "matchCriteriaId": "45380883-DDAD-4046-AE92-9E030371B84F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the \"set system ports console insecure\" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port."}, {"lang": "es", "value": "La serie SRX de Juniper de servicios de puerta de enlace con sistema operativo Junos 12.1X46-D35, 12.1X47 anteriores a 12.1X47-D25 y 12.3X48 anteriores a 12.3X48-D15, no implementa adecuadamente la caracter\u00edstica 'set system ports console insecure' (conjunto de puertos del sistema de ajuste de la consola insegura), lo que permite a atacantes pr\u00f3ximos f\u00edsicamente obtener privilegios administrativos mediante el aprovechamiento de acceso al puerto de la consola."}], "id": "CVE-2015-3007", "lastModified": "2015-07-15T18:31:28.153", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-07-14T17:59:03.400", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10683"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1032841"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}