[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Juniper CVE assignment problem?
- To: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
- Subject: Juniper CVE assignment problem?
- From: Kurt Seifried <kseifried@redhat.com>
- Date: Thu, 17 Dec 2015 21:50:09 -0700
- Authentication-Results: spf=none (sender IP is 129.83.29.2)smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (messagenot signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=noneheader.from=redhat.com;
- Delivery-Date: Fri Dec 18 07:45:46 2015
- List-Help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-Owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-Subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-Unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- SpamDiagnosticMetadata: 43da9c421be74aed97248473db21fd15
- SpamDiagnosticOutput: 1:2
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713&cat=SIRT_1&actp=LIST
======
PROBLEM:
During an internal code review, two security issues were identified.
The first issue allows unauthorized remote administrative access to the device over SSH or telnet. Exploitation of this vulnerability can lead to complete compromise of the affected system.
The first issue allows unauthorized remote administrative access to the device over SSH or telnet. Exploitation of this vulnerability can lead to complete compromise of the affected system.
...
The second issue may allow a knowledgeable attacker who can monitor VPN traffic to decrypt that traffic. It is independent of the first issue.
These issues have been assigned CVE-2015-7755.
======
These are clearly two separate bugs (even the vendor says so) but they assigned a single CVE to them? Since Juniper is not a CNA I assume they asked Mitre for a CVE? Did Mitre assign one CVE for two issues, or did Juniper not fully inform Mitre of the issues involved (thus resulting in only a single CVE)?
--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com
- Prev by Date: Re: Upcoming changes for CVE
- Next by Date: CVE program priorities
- Prev by thread: RE: Regarding CVE assignments on oss-sec mailing list
- Next by thread: CVE program priorities
- Index(es):
