Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-3007

The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the "set system ports console insecure" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port.

Security Impact Summary

CVE-2015-3007 is a security vulnerability that . Impacting 1 product from juniper organizations running these solutions should prioritize assessment and patching.

Historical Context

First disclosed in 2015, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.

Published

2015-07-14T17:59:03.400

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.2 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-284
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System juniper junos 12.1x46 Yes
Operating System juniper junos 12.1x46 Yes
Operating System juniper junos 12.1x46 Yes
Operating System juniper junos 12.1x46 Yes
Operating System juniper junos 12.1x46 Yes
Operating System juniper junos 12.1x46 Yes
Operating System juniper junos 12.1x47 Yes
Operating System juniper junos 12.1x47 Yes
Operating System juniper junos 12.1x47 Yes
Operating System juniper junos 12.3x48 Yes
Operating System juniper junos 12.3x48 Yes
Operating System juniper junos 12.3x48 Yes
References

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For juniper's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.