Exploitation Summary
CVE-2015-7756 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 makes it easier for remote attackers to discover the plaintext content of VPN sessions by sniffing the network for ciphertext data and conducting an unspecified decryption attack.
References (9)
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034489
Vendor Advisory x_refsource_confirm
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713
Various Sources x_refsource_misc
http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/
Various Sources x_refsource_misc
http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/
Various Sources x_refsource_misc
https://adamcaudill.com/2015/12/17/much-ado-about-juniper/
Various Sources x_refsource_misc
http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/
Various Sources x_refsource_confirm
https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554
Various Sources x_refsource_misc
https://github.com/hdm/juniper-cve-2015-7755
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/640184
Scores
EPSS: 0.0046
EPSS Percentile: 64.6%
Details
VulnCheck KEV: 2015-12-23
CWE: CWE-310
Status: published
Products (5)
juniper/screenos 6.2.0r15
juniper/screenos 6.2.0r16
juniper/screenos 6.2.0r17
juniper/screenos 6.2.0r18
juniper/screenos 6.3.0 r12 (8 CPE variants)
Published: Dec 19, 2015
Tracked Since: Feb 18, 2026