CVE-2015-3007

EUVD-2015-3089
The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the "set system ports console insecure" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
Affected Products (NVD)
VendorProductVersion
juniperjunos
12.1x46:x46
juniperjunos
12.1x46:x46
juniperjunos
12.1x46:x46
juniperjunos
12.1x46:x46
juniperjunos
12.1x46:x46
juniperjunos
12.1x46:x46
juniperjunos
12.1x47:x47
juniperjunos
12.1x47:x47
juniperjunos
12.1x47:x47
juniperjunos
12.3x48:x48
juniperjunos
12.3x48:x48
juniperjunos
12.3x48:x48
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10683
http://www.securitytracker.com/id/1032841
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10683
http://www.securitytracker.com/id/1032841