CVE-2015-7755

CRITICAL KEV

Juniper ScreenOS 6.2.0r15-6.2.0r18, 6.3.0r12-6.3.0r20 - Remote Admin Access via Hardcoded Password

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2015-7755 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added October 2, 2025. EIP tracks 3 public exploits from researchers including hdm, cinno, including a Metasploit module auxiliary/scanner/ssh/juniper_backdoor.

AI-analyzed exploit summary This repository provides detailed analysis and firmware binaries related to Juniper ScreenOS backdoors (CVE-2015-7755 and CVE-2015-7756), including decompiled code and version-specific findings. It references external technical blog posts for deeper insights into the authentication bypass and cryptographic weaknesses.

Description

Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 allows remote attackers to obtain administrative access by entering an unspecified password during a (1) SSH or (2) TELNET session.

Exploits (3)

nomisec WRITEUP 105 stars
by hdm · poc
https://github.com/hdm/juniper-cve-2015-7755

This repository provides detailed analysis and firmware binaries related to Juniper ScreenOS backdoors (CVE-2015-7755 and CVE-2015-7756), including decompiled code and version-specific findings. It references external technical blog posts for deeper insights into the authentication bypass and cryptographic weaknesses.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Juniper ScreenOS (6.2.0, 6.3.0)
No auth needed
Prerequisites: Access to affected Juniper ScreenOS firmware
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 2 stars
by cinno · remote-auth
https://github.com/cinno/CVE-2015-7755-POC

This repository contains a functional PoC for CVE-2015-7755, a Juniper ScreenOS backdoor vulnerability. The script attempts to authenticate via SSH using a hardcoded backdoor password to identify vulnerable hosts.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Juniper ScreenOS 6.2.0r15—6.2.0r18, 6.3.0r12—6.3.0r20
No auth needed
Prerequisites: Network access to target SSH port (22)
devstral-2 · analyzed Feb 18, 2026 Full analysis →
metasploit SCANNER
by hdm · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/ssh/juniper_backdoor.rb

This Metasploit module scans for the Juniper SSH backdoor (CVE-2015-7755) by attempting to authenticate with a hardcoded password. It verifies the presence of the vulnerability without executing malicious payloads.

Classification
Scanner 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Juniper ScreenOS
No auth needed
Prerequisites: Network access to the target SSH port (default 22)
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (12)

Core 12
Core References
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1034489
Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/79626
Third Party Advisory, US Government Resource third-party-advisory
http://www.kb.cert.org/vuls/id/640184

Scores

CVSS v3 9.8
EPSS 0.8580
EPSS Percentile 99.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2025-10-02
VulnCheck KEV 2015-12-23
ENISA EUVD EUVD-2015-7655
CWE
CWE-287
Status published
Products (1)
juniper/screenos 6.3.0 r17 (4 CPE variants)
Published Dec 19, 2015
KEV Added Oct 02, 2025
Tracked Since Feb 18, 2026