CVE-2015-3002

medium

Published 2015-04-10 · Modified 2026-05-06

CVSS v3

—

CVSS v2

6.9

VIR risk

6.9

Description

Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, and 12.3X48 before 12.3X48-D10 on SRX series devices does not properly enforce the log-out-on-disconnect feature when configured in the [system port console] stanza, which allows physically proximate attackers to reconnect to the console port and gain administrative access by leveraging access to the device.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10672

References

http://www.securityfocus.com/bid/74019
http://www.securitytracker.com/id/1032091
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10672
http://www.securityfocus.com/bid/74019
http://www.securitytracker.com/id/1032091
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10672

CWEs

CWE-17

Verify integrity in audit chain (admin only). AS-IS.