Vulnerability in N/a
CVE-2015-7755
Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r…
EPSS: 0.858 (99.4th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Public proof-of-concept exploits
References
- arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypt…
- www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-govern…
- 1034489 (vdb-entry)
- VU#640184 (third-party-advisory)
- forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-S…
- github.com/hdm/juniper-cve-2015-7755
- kb.juniper.net/InfoCenter/index
- twitter.com/cryptoron/statuses/677900647560253442
- adamcaudill.com/2015/12/17/much-ado-about-juniper/
- www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-…
Frequently asked questions
- What is CVE-2015-7755?
- CVE-2015-7755 is a vulnerability in N/a. Published 2015-12-19.
- Is CVE-2015-7755 known to be exploited?
- Yes. CVE-2015-7755 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2025-10-02), indicating it is being actively exploited. 23 public proof-of-concept repositories are indexed.