CVE-2015-3007 - Vitelline Tubgirl

Description

The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35 12.1X47 before 12.1X47-D25 and 12.3X48 before 12.3X48-D15 do not properly implement the \set system ports console insecure\ feature which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port.

Reference

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10683 http://www.securitytracker.com/id/1032841