CVE-2015-3006

On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has been up and running for some time, but immediately after boot, the entropy is very low. This issue only affects the QFX3500 and QFX3600 switches. No other Juniper Networks products or platforms are affected by this weak entropy vulnerability.

CVSS v3 6.5 MEDIUM
CVSS v2.0 6.8 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:C/I:N/A:N

Exploitability : 8.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://kb.juniper.net/JSA10678	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:juniper:junos:12.2x50:d10::::::
	cpe:2.3:o:juniper:junos:12.2x50:d20::::::
	cpe:2.3:o:juniper:junos:12.2x50:d41.1::::::
	cpe:2.3:o:juniper:junos:12.2x50:d42.1::::::
	cpe:2.3:o:juniper:junos:12.2x50:d56.1::::::
	cpe:2.3:o:juniper:junos:13.1x50:d10::::::
	cpe:2.3:o:juniper:junos:13.1x50:d25::::::
	cpe:2.3:o:juniper:junos:13.2x51:d15::::::
	cpe:2.3:o:juniper:junos:13.2x51:d20::::::
	cpe:2.3:o:juniper:junos:13.2x51:d20.2::::::
	cpe:2.3:o:juniper:junos:13.2x51:d21::::::
	cpe:2.3:o:juniper:junos:13.2x52:d10::::::
	cpe:2.3:o:juniper:junos:13.2x52:d5::::::
	cpe:2.3:o:juniper:junos:14.1x53:-::::::

OR	cpe:2.3:h:juniper:qfx3500:-:::::::*
	cpe:2.3:h:juniper:qfx3600:-:::::::*

History

No history.

Information

Published : 2020-02-28 23:15

Updated : 2023-12-10 13:13

NVD link : CVE-2015-3006

Mitre link : CVE-2015-3006

CVE.ORG link : CVE-2015-3006

JSON object : View

Products Affected

juniper

qfx3600
qfx3500
junos

CWE

CWE-331

Insufficient Entropy

{"id": "CVE-2015-3006", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2020-02-28T23:15:11.010", "references": [{"url": "https://kb.juniper.net/JSA10678", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-331"}]}], "descriptions": [{"lang": "en", "value": "On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has been up and running for some time, but immediately after boot, the entropy is very low. This issue only affects the QFX3500 and QFX3600 switches. No other Juniper Networks products or platforms are affected by this weak entropy vulnerability."}, {"lang": "es", "value": "En las plataformas QFX3500 y QFX3600, el n\u00famero de bytes recopilados desde la fuente de entrop\u00eda de RANDOM_INTERRUPT cuando los arranques del dispositivo son insuficientes, conllevando posiblemente a claves SSH d\u00e9biles o duplicadas o a certificados SSL/TLS auto-firmados. La entrop\u00eda aumenta despu\u00e9s que el sistema ha estado funcionando durante alg\u00fan tiempo, pero inmediatamente despu\u00e9s del arranque, la entrop\u00eda es muy lenta. Este problema s\u00f3lo afecta a los switches QFX3500 y QFX3600. Ning\u00fan otro producto o plataforma de Juniper Networks est\u00e1 afectada por esta vulnerabilidad de debilidad de la entrop\u00eda."}], "lastModified": "2020-03-10T13:39:00.367", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:12.2x50:d10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "497821DC-B070-4EE9-93DB-49352477423A"}, {"criteria": "cpe:2.3:o:juniper:junos:12.2x50:d20:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C5F0149-58AC-4863-8FA5-3CB5B97BE4C0"}, {"criteria": "cpe:2.3:o:juniper:junos:12.2x50:d41.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D56B992-5713-4656-94B7-943A3119B25D"}, {"criteria": "cpe:2.3:o:juniper:junos:12.2x50:d42.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6436A50E-74AF-4886-8ECD-2AA37202A089"}, {"criteria": "cpe:2.3:o:juniper:junos:12.2x50:d56.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F921F54-8B9D-481E-A3D8-DC485BFE2965"}, {"criteria": "cpe:2.3:o:juniper:junos:13.1x50:d10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC28512D-DD4A-4BD3-B717-B7989A10F0F5"}, {"criteria": "cpe:2.3:o:juniper:junos:13.1x50:d25:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6863F885-C2A2-48AA-969E-CC4E6BFA2C2D"}, {"criteria": "cpe:2.3:o:juniper:junos:13.2x51:d15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3947A516-2054-48B3-ADFD-3CF88EC2288D"}, {"criteria": "cpe:2.3:o:juniper:junos:13.2x51:d20:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0951235-4A0A-4200-A7B1-9FF4540A3755"}, {"criteria": "cpe:2.3:o:juniper:junos:13.2x51:d20.2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CE9A629-DE43-4F7C-B93E-18BC6EC10FED"}, {"criteria": "cpe:2.3:o:juniper:junos:13.2x51:d21:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E3A9AB1-202A-4480-8FFD-872C79325854"}, {"criteria": "cpe:2.3:o:juniper:junos:13.2x52:d10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1864A2D2-1FE6-4282-BB47-F5F18296D5B3"}, {"criteria": "cpe:2.3:o:juniper:junos:13.2x52:d5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8572251A-9A0B-4C59-8AE4-691D0E0EE53B"}, {"criteria": "cpe:2.3:o:juniper:junos:14.1x53:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FEF5DD8-B0B2-4ED2-B38F-CE870485AB8C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9A336BD3-4AB0-4E9E-8AD5-E6413A5A53FC"}, {"criteria": "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7F4D44B0-E6CE-4380-8712-AC832DBCB424"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}