NVD

Id
28210  
Name
CVE-2015-7756  
Description
The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 makes it easier for remote attackers to discover the plaintext content of VPN sessions by sniffing the network for ciphertext data and conducting an unspecified decryption attack.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:N/A:N)  
Pub Date
2017-01-19  
Published
2015-12-19  
Modified Date
2016-12-07  
Seq
2015-7756  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
148313 28210 CVE-2015-7756 http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/  View
148314 28210 CVE-2015-7756 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713  View
148315 28210 CVE-2015-7756 http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/  View
148316 28210 CVE-2015-7756 VU#640184  View
148317 28210 CVE-2015-7756 1034489  View
148318 28210 CVE-2015-7756 http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/  View
148319 28210 CVE-2015-7756 https://adamcaudill.com/2015/12/17/much-ado-about-juniper/  View
148320 28210 CVE-2015-7756 https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554  View
148321 28210 CVE-2015-7756 https://github.com/hdm/juniper-cve-2015-7755  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
11175 JVNDB-2015-006495 Juniper ScreenOS の暗号化の実装における VPN セッションの平文コンテンツを取得される脆弱性 Juniper ScreenOS の暗号化の実装には、VPN セッションの平文コンテンツを取得される脆弱性が存在します。 CVE-2015-7756 84981 CVE-2015-7756 28210 5 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-006495.html 2015-12-17 2015-12-22 View