CVE-2015-7755
Summary
| CVE | CVE-2015-7755 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-12-19 14:59:00 UTC |
| Updated | 2016-12-07 18:25:00 UTC |
| Description | Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 allows remote attackers to obtain administrative access by entering an unspecified password during a (1) SSH or (2) TELNET session. |
Risk And Classification
EPSS: 0.849510000 probability, percentile 0.993420000 (date 2026-04-02)
CISA KEV: Listed on 2025-10-02; due 2025-10-23; ransomware use Unknown
Problem Types: CWE-287
CISA Known Exploited Vulnerability
| Vendor | Juniper |
|---|---|
| Product | ScreenOS |
| Name | Juniper ScreenOS Improper Authentication Vulnerability |
| Required Action | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. |
| Notes | https://supportportal.juniper.net/s/article/2015-12-Out-of-Cycle-Security-Bulletin-ScreenOS-Multiple-Security-issues-with-ScreenOS-CVE-2015-7755-CVE-2015-7756 ; https://nvd.nist.gov/vuln/detail/CVE-2015-7755 |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Juniper | Screenos | 6.3.0 | r17 | All | All |
| Operating System | Juniper | Screenos | 6.3.0 | r18 | All | All |
| Operating System | Juniper | Screenos | 6.3.0 | r19 | All | All |
| Operating System | Juniper | Screenos | 6.3.0 | r20 | All | All |
| Operating System | Juniper | Screenos | 6.3.0 | r17 | All | All |
| Operating System | Juniper | Screenos | 6.3.0 | r18 | All | All |
| Operating System | Juniper | Screenos | 6.3.0 | r19 | All | All |
| Operating System | Juniper | Screenos | 6.3.0 | r20 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Secret Code Found in Juniper's Firewalls Shows Risk of Government Backdoors | WIRED | MISC | www.wired.com | |
| GitHub - hdm/juniper-cve-2015-7755: Notes, binaries, and related information from analysis of the CVE-2015-7755 & CVE-2015-7756 issues within Juniper ScreenOS | MISC | github.com | |
| Important Announcement about ScreenOS® - J-Net Community | CONFIRM | forums.juniper.net | |
| Juniper Says It Didn't Work With Government To Add 'Unauthorized Code' To Network Gear | MISC | www.forbes.com | |
| Much ado about Juniper – Adam Caudill | MISC | adamcaudill.com | |
| Ronald Prins on Twitter: "Hmmm. It took @foxit 6 hours to find the password for the ssh/telnet backdoor in the vulnerable Juniper firewalss. Patch now" | MISC | twitter.com | |
| Juniper ScreenOS Unauthorized Code Lets Remote Users Gain Administrative Access and Also Decrypt VPN Data - SecurityTracker | SECTRACK | www.securitytracker.com | |
| VU#640184 - Juniper ScreenOS contains multiple vulnerabilities | CERT-VN | www.kb.cert.org | |
| Juniper Networks - 2015-12 Out of Cycle Security Bulletin: ScreenOS: Multiple Security issues with ScreenOS (CVE-2015-7755, CVE-2015-7756) - Knowledge Base | CONFIRM | kb.juniper.net | Exploit, Vendor Advisory |
| Juniper ScreenOS CVE-2015-7755 Unauthorized Access and Information Disclosure Vulnerabilities | BID | www.securityfocus.com | |
| “Unauthorized code” in Juniper firewalls decrypts encrypted VPN traffic | Ars Technica | MISC | arstechnica.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.