CVE-2015-7755

9.8 CRITICAL CISA KEV - Actively Exploited
Published: December 19, 2015 Modified: April 21, 2026
View on NVD

Description

Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 allows remote attackers to obtain administrative access by entering an unspecified password during a (1) SSH or (2) TELNET session.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/
Source: cve@mitre.org
Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713
Source: cve@mitre.org
Exploit Vendor Advisory
http://twitter.com/cryptoron/statuses/677900647560253442
Source: cve@mitre.org
Broken Link
http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/
Source: cve@mitre.org
Permissions Required
http://www.kb.cert.org/vuls/id/640184
Source: cve@mitre.org
Third Party Advisory
http://www.securityfocus.com/bid/79626
Source: cve@mitre.org
Broken Link
http://www.securitytracker.com/id/1034489
Source: cve@mitre.org
Broken Link
http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/
Source: cve@mitre.org
Third Party Advisory
https://adamcaudill.com/2015/12/17/much-ado-about-juniper/
Source: cve@mitre.org
Third Party Advisory
https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554
Source: cve@mitre.org
Vendor Advisory
https://github.com/hdm/juniper-cve-2015-7755
Source: cve@mitre.org
Third Party Advisory
http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Vendor Advisory
http://twitter.com/cryptoron/statuses/677900647560253442
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
http://www.kb.cert.org/vuls/id/640184
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/bid/79626
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.securitytracker.com/id/1034489
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://adamcaudill.com/2015/12/17/much-ado-about-juniper/
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://github.com/hdm/juniper-cve-2015-7755
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-7755
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

23 reference(s) from NVD

Quick Stats

CVSS v3 Score
9.8 / 10.0
EPSS (Exploit Probability)
85.2%
99th percentile
Exploitation Status
Actively Exploited
Remediation due: 2025-10-23

Weaknesses (CWE)

CWE-287 CWE-287

Affected Vendors

juniper

Related CVEs

CVE-2026-43964 3.7
CVE-2026-42237 N/A
CVE-2026-42236 N/A
CVE-2026-42235 N/A
CVE-2026-42234 N/A