Vulnerability Description
The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the "set system ports console insecure" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Junos | 12.1x46 |
Related Weaknesses (CWE)
References
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10683Vendor Advisory
- http://www.securitytracker.com/id/1032841
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10683Vendor Advisory
- http://www.securitytracker.com/id/1032841
FAQ
What is CVE-2015-3007?
CVE-2015-3007 is a vulnerability with a CVSS score of 7.2 (HIGH). The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the "set system ports console in...
How severe is CVE-2015-3007?
CVE-2015-3007 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-3007?
Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos.