CVE-2015-3006

MEDIUM

Juniper Networks - Info Disclosure

Title source: llm

Description

On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has been up and running for some time, but immediately after boot, the entropy is very low. This issue only affects the QFX3500 and QFX3600 switches. No other Juniper Networks products or platforms are affected by this weak entropy vulnerability.

References (1)

[Vendor Advisory] https://kb.juniper.net/JSA10678

Scores

CVSS v3 6.5

EPSS 0.0012

EPSS Percentile 31.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-331

Status published

Products (5)

juniper/junos 12.2x50 d10 (5 CPE variants)

juniper/junos 13.1x50 d10 (2 CPE variants)

juniper/junos 13.2x51 d15 (4 CPE variants)

juniper/junos 13.2x52 d10 (2 CPE variants)

juniper/junos 14.1x53

Published Feb 28, 2020

Tracked Since Feb 18, 2026