CVE-2015-3007

The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the "set system ports console insecure" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port.

Published: Jul 14, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-3007
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-284

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
juniper / junos	12.3x48-d10	12.3x48-d10.x
juniper / junos	12.1x47-d10	12.1x47-d10.x
juniper / junos	12.1x46-d30	12.1x46-d30.x
juniper / junos	12.1x47-d20	12.1x47-d20.x
juniper / junos	12.1x46-d25	12.1x46-d25.x
juniper / junos	12.1x46	12.1x46.x
juniper / junos	12.3x48	12.3x48.x
juniper / junos	12.1x47	12.1x47.x
juniper / junos	12.3x48-d5	12.3x48-d5.x
juniper / junos	12.1x46-d20	12.1x46-d20.x
juniper / junos	12.1x46-d15	12.1x46-d15.x
juniper / junos	12.1x46-d10	12.1x46-d10.x

Vulnerability Database

289,697

CVE-2015-3007