Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-3006

On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has been up and running for some time, but immediately after boot, the entropy is very low. This issue only affects the QFX3500 and QFX3600 switches. No other Juniper Networks products or platforms are affected by this weak entropy vulnerability.

Published

2020-02-28T23:15:11.010

Last Modified

2024-11-21T02:28:29.740

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

6.9

Weaknesses

Type: Primary
CWE-331

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	juniper	junos	12.2x50	Yes
Operating System	juniper	junos	12.2x50	Yes
Operating System	juniper	junos	12.2x50	Yes
Operating System	juniper	junos	12.2x50	Yes
Operating System	juniper	junos	12.2x50	Yes
Operating System	juniper	junos	13.1x50	Yes
Operating System	juniper	junos	13.1x50	Yes
Operating System	juniper	junos	13.2x51	Yes
Operating System	juniper	junos	13.2x51	Yes
Operating System	juniper	junos	13.2x51	Yes
Operating System	juniper	junos	13.2x51	Yes
Operating System	juniper	junos	13.2x52	Yes
Operating System	juniper	junos	13.2x52	Yes
Operating System	juniper	junos	14.1x53	Yes
Hardware	juniper	qfx3500	-	No
Hardware	juniper	qfx3600	-	No

References

https://kb.juniper.net/JSA10678 Vendor Advisory ([email protected])
https://kb.juniper.net/JSA10678 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)