Zero-day Vulnerability Database

Change view

Zero-day vulnerabilities discovered: 2

Two backdoors in Juniper ScreenOS
CVE-2015-7756

Information disclosure

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to usage of insecure encryption keys. A remote attacker can with ability to monitor VPN traffic can intercept and decrypt it.

Successful exploitation of the vulnerability results in information disclosure on the target system.

Note: the vulnerability was disclosed as part of two backdoors during internal source code audit.
i

Revealed during source code review by the vendor.

Software: Juniper ScreenOS

Revealed during source code review by the vendor.

Two backdoors in Juniper ScreenOS
CVE-2015-7755

Authentication bypass

The vulnerability allows a remote attacker to bypass authentication on the target system.

The weakness exists due to presence of backdoor in Juniper ScreenOS code. A remote attacker can enter a password "<<< %s(un='%s') = %u" during a SSH or TELNET session and obtain administrative access to the device.

Successful exploitation of the vulnerability results in unauthorized access to the vulnerable system.

Note: the vulnerability was being actively exploited.
i

Revealed during source code review by the vendor.

Software: Juniper ScreenOS

Revealed during source code review by the vendor.