CVE-2015-7755

9.8 CRITICAL CISA KEV - Actively Exploited
Published: December 19, 2015 Modified: October 22, 2025
View on NVD

Description

Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 allows remote attackers to obtain administrative access by entering an unspecified password during a (1) SSH or (2) TELNET session.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/
Source: cve@mitre.org
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713
Source: cve@mitre.org
Exploit Vendor Advisory
http://twitter.com/cryptoron/statuses/677900647560253442
Source: cve@mitre.org
http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/
Source: cve@mitre.org
http://www.kb.cert.org/vuls/id/640184
Source: cve@mitre.org
http://www.securityfocus.com/bid/79626
Source: cve@mitre.org
http://www.securitytracker.com/id/1034489
Source: cve@mitre.org
http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/
Source: cve@mitre.org
https://adamcaudill.com/2015/12/17/much-ado-about-juniper/
Source: cve@mitre.org
https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554
Source: cve@mitre.org
https://github.com/hdm/juniper-cve-2015-7755
Source: cve@mitre.org
http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/
Source: af854a3a-2127-422b-91ae-364da2661108
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Vendor Advisory
http://twitter.com/cryptoron/statuses/677900647560253442
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.kb.cert.org/vuls/id/640184
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/79626
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id/1034489
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/
Source: af854a3a-2127-422b-91ae-364da2661108
https://adamcaudill.com/2015/12/17/much-ado-about-juniper/
Source: af854a3a-2127-422b-91ae-364da2661108
https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554
Source: af854a3a-2127-422b-91ae-364da2661108
https://github.com/hdm/juniper-cve-2015-7755
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-7755
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

23 reference(s) from NVD

Quick Stats

CVSS v3 Score
9.8 / 10.0
EPSS (Exploit Probability)
88.7%
99th percentile
Exploitation Status
Actively Exploited
Remediation due: 2025-10-23

Weaknesses (CWE)

CWE-287 CWE-287

Affected Vendors

juniper

Related CVEs

CVE-2025-52691 10.0
CVE-2025-15168 7.3
CVE-2025-15167 7.3
CVE-2025-15166 7.3
CVE-2025-15165 7.3