Juniper ScreenOS未授权访问及信息泄露漏洞(CVE-2015-7755)
Juniper ScreenOS未授权访问及信息泄露漏洞(CVE-2015-7755)
Juniper ScreenOS未授权访问及信息泄露漏洞(CVE-2015-7755)
发布日期:2015-12-19
更新日期:2015-12-21
受影响系统:
Juniper Networks ScreenOS 6.3.0r20
Juniper Networks ScreenOS 6.3.0r19
Juniper Networks ScreenOS 6.3.0r18
Juniper Networks ScreenOS 6.3.0r17
不受影响系统:
Juniper Networks ScreenOS >= 6.3.0r21
Juniper Networks ScreenOS >= 6.2.0r19
Juniper Networks ScreenOS 6.3.0r19b
Juniper Networks ScreenOS 6.3.0r18b
Juniper Networks ScreenOS 6.3.0r17b
Juniper Networks ScreenOS 6.3.0r16b
Juniper Networks ScreenOS 6.3.0r15b
Juniper Networks ScreenOS 6.3.0r14b
Juniper Networks ScreenOS 6.3.0r13b
Juniper Networks ScreenOS 6.3.0r12b
描述:
BUGTRAQ ID: 79626
CVE(CAN) ID: CVE-2015-7755
Juniper ScreenOS是Juniper SSG及NetScreen防火墙产品使用的操作系统。
Juniper ScreenOS 6.2.0r15-6.2.0r18、6.3.0r12-6.3.0r20存在安全漏洞,可使远程攻击者在SSH或telnet会话中,以管理员权限访问受影响设备,成功利用后可导致完成控制受影响系统。
<*来源:vendor
链接:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713&actp=search
*>
建议:
厂商补丁:
Juniper Networks
----------------
Juniper Networks已经为此发布了一个安全公告(JSA10713)以及相应补丁:
JSA10713:ScreenOS: Multiple Security issues with ScreenOS (CVE-2015-7755, CVE-2015-7756)
链接:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713&actp=search
补丁下载:http://www.juniper.net/support/downloads/screenos.html
参考:
https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554
http://forums.juniper.net/t5/Security-Incident-Response/bg-p/SIRT
本文永久更新链接地址:
评论暂时关闭