Test ID:	1.3.6.1.4.1.25623.1.0.105496
Category:	Default Accounts
Title:	Backdoor in ScreenOS (Telnet)
Summary:	ScreenOS is vulnerable to an unauthorized remote administrative access to the device over SSH or telnet.
Description:	Summary: ScreenOS is vulnerable to an unauthorized remote administrative access to the device over SSH or telnet. Vulnerability Insight: It was possible to login using any username and the password: <<< %s(un='%s') = %u In February 2018 it was discovered that this vulnerability is being exploited by the 'DoubleDoor' Internet of Things (IoT) Botnet. Affected Software/OS: These issues can affect any product or platform running ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20. Solution: This issue was fixed in ScreenOS 6.2.0r19, 6.3.0r21, and all subsequent releases. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-7755 BugTraq ID: 79626 http://www.securityfocus.com/bid/79626 CERT/CC vulnerability note: VU#640184 http://www.kb.cert.org/vuls/id/640184 http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/ http://twitter.com/cryptoron/statuses/677900647560253442 http://www.forbes.com/sites/thomasbrewster/2015/12/18/juniper-says-it-didnt-work-with-government-to-add-unauthorized-code-to-network-gear/ http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/ https://adamcaudill.com/2015/12/17/much-ado-about-juniper/ https://github.com/hdm/juniper-cve-2015-7755 http://www.securitytracker.com/id/1034489 Common Vulnerability Exposure (CVE) ID: CVE-2015-7754 BugTraq ID: 79627 http://www.securityfocus.com/bid/79627 http://www.securitytracker.com/id/1034490
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.