7.2

CVE-2015-3007

EPSS 0.04%
Published 14.07.2015 17:59:03
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the "set system ports console insecure" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Juniper ≫ Junos Version12.1x46

Juniper ≫ Junos Version12.1x46 Updated10

Juniper ≫ Junos Version12.1x46 Updated15

Juniper ≫ Junos Version12.1x46 Updated20

Juniper ≫ Junos Version12.1x46 Updated25

Juniper ≫ Junos Version12.1x46 Updated30

Juniper ≫ Junos Version12.1x47

Juniper ≫ Junos Version12.1x47 Updated10

Juniper ≫ Junos Version12.1x47 Updated20

Juniper ≫ Junos Version12.3x48

Juniper ≫ Junos Version12.3x48 Updated10

Juniper ≫ Junos Version12.3x48 Updated5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.113

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10683

Vendor Advisory

http://www.securitytracker.com/id/1032841

https://nvd.nist.gov/vuln/detail/CVE-2015-3007

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-3007

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-3007

EUVD