CVE-2015-3006
CVE-2015-3006 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has been up and running for some time, but immediately after boot, the entropy is very low. EPSS estimates a 0.77% chance of exploitation in the next 30 days.
Description
On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has been up and running for some time, but immediately after boot, the entropy is very low. This issue only affects the QFX3500 and QFX3600 switches. No other Juniper Networks products or platforms are affected by this weak entropy vulnerability.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Juniper | Junos | 12.2x50 | D10 |
| Juniper | Junos | 13.1x50 | D10 |
| Juniper | Junos | 13.2x51 | D15 |
| Juniper | Junos | 13.2x52 | D10 |
| Juniper | Junos | 14.1x53 | — |
References
- https://kb.juniper.net/JSA10678 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
