Vulnerabilities > CVE-2015-3002 - Code vulnerability in Juniper Junos

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
juniper
CWE-17
nessus
NVD
Published: 2015-04-10
Updated: 2016-12-03

Summary

Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, and 12.3X48 before 12.3X48-D10 on SRX series devices does not properly enforce the log-out-on-disconnect feature when configured in the [system port console] stanza, which allows physically proximate attackers to reconnect to the console port and gain administrative access by leveraging access to the device.

Vulnerable Configurations

Part Description Count
OS
Juniper
22
Hardware
Juniper
12

Common Weakness Enumeration (CWE)

Nessus

NASL familyJunos Local Security Checks
NASL idJUNIPER_JSA10672.NASL
descriptionAccording to its self-reported version number, the remote Juniper Junos SRX series device is affected by an administrative access vulnerability due to a flaw in the
last seen2020-06-01
modified2020-06-02
plugin id82794
published2015-04-15
reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/82794
titleJuniper Junos SRX Series 'log-out-on-disconnect' Persistent Admin Access (JSA10672)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(82794);
  script_version("1.8");
  script_cvs_date("Date: 2018/07/12 19:01:16");

  script_cve_id("CVE-2015-3002");
  script_bugtraq_id(74019);
  script_xref(name:"JSA", value:"JSA10672");

  script_name(english:"Juniper Junos SRX Series 'log-out-on-disconnect' Persistent Admin Access (JSA10672)");
  script_summary(english:"Checks the Junos version and model.");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the remote Juniper
Junos SRX series device is affected by an administrative access
vulnerability due to a flaw in the 'log-out-on-disconnect' feature
after a reboot. This can allow an attacker with physical access to
the device to gain administrative control by reconnecting to the
console port.");
  script_set_attribute(attribute:"see_also", value:"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10672");
  script_set_attribute(attribute:"solution", value:
"Apply the relevant Junos software release referenced in Juniper
advisory JSA10672.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/04/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/04/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/15");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Junos Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");

  script_dependencies("junos_version.nasl");
  script_require_keys("Host/Juniper/JUNOS/Version", "Host/Juniper/model");

  exit(0);
}

include("audit.inc");
include("junos.inc");
include("misc_func.inc");

ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');
model = get_kb_item_or_exit('Host/Juniper/model');

check_model(model:model, flags:SRX_SERIES, exit_on_fail:TRUE);

fixes = make_array();
fixes['12.1X44'] = '12.1X44-D45';
fixes['12.1X46'] = '12.1X46-D30';
fixes['12.1X47'] = '12.1X47-D15';
fixes['12.3X48'] = '12.3X48-D10';

fix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);

if (report_verbosity > 0)
{
  report = get_report(ver:ver, fix:fix, model:model);
  security_warning(port:0, extra:report);
}
else security_warning(0);

References