Detections
Analytics
Juniper ScreenOS 6.3.0r20 SSH ssh-pka SSH Negotiation RCE (JSA10712)
critical Nessus Plugin ID 87539
Language:
Synopsis
The remote host is affected by a remote code execution vulnerability.Description
The remote host is running Juniper ScreenOS version 6.3.0r20. It is, therefore, affected by a remote code execution vulnerability due to improper handling of specially crafted SSH negotiations when ssh-pka is configured. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.Solution
Upgrade to Juniper ScreenOS 6.3.0r21 or later.See Also
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10712
Plugin Details
Severity: Critical
ID: 87539
File Name: screenos_JSA10712.nasl
Version: 1.10
Type: local
Family: Firewalls
Published: 12/21/2015
Updated: 2/18/2025
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2015-7754
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
CVSS Score Source: manual
Vulnerability Information
CPE: cpe:/o:juniper:screenos
Required KB Items: Host/Juniper/ScreenOS/display_version, Host/Juniper/ScreenOS/version
Exploit Ease: No known exploits are available
Patch Publication Date: 12/17/2015
Vulnerability Publication Date: 12/17/2015
Reference Information
CVE: CVE-2015-7754
BID: 79627
JSA: JSA10712