VDB
CVE-2015-3006
CVE-2015-3006
PUBLISHED
CVSS 6.5 MEDIUM
On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has been up and running for some time, but immediately after boot, the entropy is very low. This issue only affects the QFX3500 and QFX3600 switches. No other Juniper Networks products or platforms are affected by this weak entropy vulnerability.
EPSS 0.12% · 30.1th percentile
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.12%
30.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| juniper | junos | 12.2x50, 12.2x50, 12.2x50 |
| n/a | n/a | n/a |
Exploit Intelligence
- saurabh2088/OpenSSL_1_0_1g_CVE-2015-0205 (github-poc)
- saurabh2088/OpenSSL_1_0_1g_CVE-2015-0205 (github-poc)
- saurabh2088/OpenSSL_1_0_1g_CVE-2015-0205 (github-poc)
- saurabh2088/OpenSSL_1_0_1g_CVE-2015-0205 (github-poc)
- saurabh2088/OpenSSL_1_0_1g_CVE-2015-0205 (github-poc)
- Basic BASH Script to Automate OpenSSL based testing for FREAK Attack (CVE-2015-0204) as advised by Akamai. (github-poc)
- Basic BASH Script to Automate OpenSSL based testing for FREAK Attack (CVE-2015-0204) as advised by Akamai. (github-poc)
- Basic BASH Script to Automate OpenSSL based testing for FREAK Attack (CVE-2015-0204) as advised by Akamai. (github-poc)
- Basic BASH Script to Automate OpenSSL based testing for FREAK Attack (CVE-2015-0204) as advised by Akamai. (github-poc)
- Basic BASH Script to Automate OpenSSL based testing for FREAK Attack (CVE-2015-0204) as advised by Akamai. (github-poc)
…and 496 more exploits
Timeline
- Apr 9, 2015 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Aug 31, 2022 PoC Published
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
References
- https://kb.juniper.net/JSA10678 url
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679 advisory
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10676 advisory
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673 advisory
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10672 advisory
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680 advisory
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10677 advisory
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10678 advisory
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10675 advisory
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10674 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2015-3006 advisory