[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Juniper CVE assignment problem?


During an internal code review, two security issues were identified.

The first issue allows unauthorized remote administrative access to the device over SSH or telnet. Exploitation of this vulnerability can lead to complete compromise of the affected system.


The second issue may allow a knowledgeable attacker who can monitor VPN traffic to decrypt that traffic. It is independent of the first issue.

These issues have been assigned CVE-2015-7755.


These are clearly two separate bugs (even the vendor says so) but they assigned a single CVE to them? Since Juniper is not a CNA I assume they asked Mitre for a CVE? Did Mitre assign one CVE for two issues, or did Juniper not fully inform Mitre of the issues involved (thus resulting in only a single CVE)?

Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com

Page Last Updated or Reviewed: December 22, 2015