CVE-2015-3006

On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has been up and running for some time, but immediately after boot, the entropy is very low. This issue only affects the QFX3500 and QFX3600 switches. No other Juniper Networks products or platforms are affected by this weak entropy vulnerability.

Published: Feb 29, 2020
Updated: Apr 13, 2023
CVE: CVE-2015-3006
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:L/Au:S/C:C/I:N/A:N

CWEs:

CWE-331

Affected Software
References

Software	From	Fixed in
juniper / junos	12.2x50-d10	12.2x50-d10.x
juniper / junos	12.2x50-d56.1	12.2x50-d56.1.x
juniper / junos	12.2x50-d42.1	12.2x50-d42.1.x
juniper / junos	12.2x50-d41.1	12.2x50-d41.1.x
juniper / junos	12.2x50-d20	12.2x50-d20.x
juniper / junos	13.1x50-d10	13.1x50-d10.x
juniper / junos	13.1x50-d25	13.1x50-d25.x
juniper / junos	13.2x51-d20	13.2x51-d20.x
juniper / junos	13.2x51-d21	13.2x51-d21.x
juniper / junos	13.2x51-d20.2	13.2x51-d20.2.x
juniper / junos	13.2x51-d15	13.2x51-d15.x
juniper / junos	13.2x52-d10	13.2x52-d10.x
juniper / junos	13.2x52-d5	13.2x52-d5.x
juniper / junos	14.1x53	14.1x53.x

https://kb.juniper.net/JSA10678

Vulnerability Database

CVE-2015-3006