Vulnerability Details :

CVE-2015-3006

Summary
Assigner: mitre
Assigner Org ID: 8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At: 28 Feb, 2020 | 22:26
Updated At: 16 Sep, 2024 | 18:19

Junos: QFX Series: Insufficient entropy on QFX3500 and QFX3600 platforms when the system boots up

On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has been up and running for some time, but immediately after boot, the entropy is very low. This issue only affects the QFX3500 and QFX3600 switches. No other Juniper Networks products or platforms are affected by this weak entropy vulnerability.

▼Common Vulnerabilities and Exposures (CVE)
cve.org
▼CVE Numbering Authority (CNA)
Affected Products
Vendor: n/a
Product: n/a
Versions Affected: n/a
Problem Types
Type: text
CWE ID: N/A
Description: n/a
Metrics
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Solutions

The following software releases have been updated to resolve this specific issue: Junos OS 12.2X50-D70, 13.1X50-D30, 13.2X51-D25, 13.2X51-D30, 13.2X52-D15, 14.1X53-D10, and all subsequent releases. It is recommended to regenerate SSH keys or self-signed certificates.

Workarounds

Avoid generating SSH keys or self-signed SSL certificates on the affected platforms until the system has been up and running for some time, allowing additional sources of randomness to generate sufficient entropy.

References
Hyperlink: https://kb.juniper.net/JSA10678
Resource: x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
References
Hyperlink: https://kb.juniper.net/JSA10678
Resource: x_refsource_CONFIRM, x_transferred
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source: cve@mitre.org
Published At: 28 Feb, 2020 | 23:15
Updated At: 10 Mar, 2020 | 13:39

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
CPE Matches

Vendor: Juniper Networks, Inc. (juniper)
  • cpe:2.3:o:juniper:junos:12.2x50:d10:*:*:*:*:*:*
  • cpe:2.3:o:juniper:junos:12.2x50:d20:*:*:*:*:*:*
  • cpe:2.3:o:juniper:junos:12.2x50:d41.1:*:*:*:*:*:*
  • cpe:2.3:o:juniper:junos:12.2x50:d42.1:*:*:*:*:*:*
  • cpe:2.3:o:juniper:junos:12.2x50:d56.1:*:*:*:*:*:*
  • cpe:2.3:o:juniper:junos:13.1x50:d10:*:*:*:*:*:*
  • cpe:2.3:o:juniper:junos:13.1x50:d25:*:*:*:*:*:*
  • cpe:2.3:o:juniper:junos:13.2x51:d15:*:*:*:*:*:*
  • cpe:2.3:o:juniper:junos:13.2x51:d20:*:*:*:*:*:*
  • cpe:2.3:o:juniper:junos:13.2x51:d20.2:*:*:*:*:*:*
  • cpe:2.3:o:juniper:junos:13.2x51:d21:*:*:*:*:*:*
  • cpe:2.3:o:juniper:junos:13.2x52:d10:*:*:*:*:*:*
  • cpe:2.3:o:juniper:junos:13.2x52:d5:*:*:*:*:*:*
  • cpe:2.3:o:juniper:junos:14.1x53:-:*:*:*:*:*:*
  • cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*
  • cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-331
Type: Primary
Source: nvd@nist.gov
References
Hyperlink: https://kb.juniper.net/JSA10678
Source: cve@mitre.org
Resource: Vendor Advisory


Similar CVEs

5 Records found

CVE-2022-22152
Matching Score: 8
Assigner: Juniper Networks, Inc.
CVSS Score: 7.7 | HIGH
EPSS: 0.33% / 54.98%
7 Day CHG: ~0.00%
Published: 19 Jan, 2022 | 00:20
Updated: 17 Sep, 2024 | 02:26
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Contrail Service Orchestration: Tenants able to see other tenants policies via REST API interface

A Protection Mechanism Failure vulnerability in the REST API of Juniper Networks Contrail Service Orchestration allows one tenant on the system to view confidential configuration details of another tenant on the same system. By utilizing the REST API, one tenant is able to obtain information on another tenant's firewall configuration and access control policies, as well as other sensitive information, exposing the tenant to reduced defense against malicious attacks or exploitation via additional undetermined vulnerabilities. This issue affects Juniper Networks Contrail Service Orchestration versions prior to 6.1.0 Patch 3.

Action: Not Available
Vendor: Juniper Networks, Inc.
Product: contrail_service_orchestration, Contrail Service Orchestration
CWE ID: CWE-693 (Protection Mechanism Failure)
CVE-2021-0231
Matching Score: 8
Assigner: Juniper Networks, Inc.
CVSS Score: 6.5 | MEDIUM
EPSS: 0.27% / 49.91%
7 Day CHG: ~0.00%
Published: 22 Apr, 2021 | 19:36
Updated: 17 Sep, 2024 | 03:33
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Junos OS: SRX, vSRX Series: J-Web Path traversal vulnerability in SRX and vSRX Series leads to information disclosure.

A path traversal vulnerability in the Juniper Networks SRX and vSRX Series may allow an authenticated J-web user to read sensitive system files. This issue affects Juniper Networks Junos OS on SRX and vSRX Series: 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S3, 20.2R2; This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1.

Action: Not Available
Vendor: Juniper Networks, Inc.
Product: srx345, srx5400, srx5800, srx380, srx4200, srx550, srx300, srx340, srx320, srx5600, junos, srx4100, srx4600, vsrx, srx1500, Junos OS
CWE ID: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))
CVE-2020-1611
Matching Score: 8
Assigner: Juniper Networks, Inc.
CVSS Score: 6.5 | MEDIUM
EPSS: 5.44% / 89.79%
7 Day CHG: ~0.00%
Published: 15 Jan, 2020 | 08:40
Updated: 16 Sep, 2024 | 16:32
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Junos Space: Malicious HTTP packets sent to Junos Space allow an attacker to view all files on the device.

A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets. This issue affects: Juniper Networks Junos Space versions prior to 19.4R1.

Action: Not Available
Vendor: Juniper Networks, Inc.
Product: junos_space, Junos Space
CVE-2017-2326
Matching Score: 8
Assigner: Juniper Networks, Inc.
CVSS Score: 6.5 | MEDIUM
EPSS: 0.28% / 51.18%
7 Day CHG: ~0.00%
Published: 24 Apr, 2017 | 15:00
Updated: 20 Apr, 2025 | 01:37
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

An information disclosure vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, network-based attacker to replicate the underlying Junos OS VM and all data it maintains to their local system for future analysis.

Action: Not Available
Vendor: Juniper Networks, Inc.
Product: northstar_controller, NorthStar Controller Application
CWE ID: CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor)
CVE-2021-42138
Matching Score: 4
Assigner: Thales Group
CVSS Score: 7.2 | HIGH
EPSS: 0.19% / 40.62%
7 Day CHG: ~0.00%
Published: 20 Dec, 2021 | 20:19
Updated: 04 Aug, 2024 | 03:30
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to access the encrypted credentials of any or all the users on that machine.

Action: Not Available
Vendor: thalesgroup, Thales CPL
Product: safenet_windows_logon_agent, Safenet Authentication Service
CWE ID: CWE-331 (Insufficient Entropy)