What happened
CISA added CVE-2015-7755 to the Known Exploited Vulnerabilities (KEV) catalog, indicating observed exploitation of this issue in the wild (CISA KEV). The vulnerability is an improper authentication flaw in Juniper ScreenOS that could allow unauthorized remote administrative access to affected devices (NVD summary). CISA’s entry lists the affected product as Juniper ScreenOS and classifies the weakness under CWE-287 (Improper Authentication) (CISA KEV; NVD CWE-287).
Per CISA, the required action is to apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use if mitigations are unavailable (CISA guidance). CISA’s KEV entry sets a remediation due date of 2025-10-23 for this vulnerability (CISA due date). MITRE’s record confirms the CVE assignment and tracks authoritative metadata for CVE-2015-7755 (MITRE CVE). CISA flags known ransomware campaign use as unknown at this time (CISA KEV status).
Why it matters
An issue that enables unauthorized administrative access on a network security device is high impact because it directly compromises the control plane of the device (NVD impact). KEV inclusion signals that reliable exploitation has been observed and that defenders should prioritize remediation over routine patch cycles (CISA KEV criteria). CVE-2015-7755 was originally assigned in 2015, underscoring that legacy flaws continue to present current operational risk when they remain unmitigated (MITRE CVE record).
For asset owners, the risk is straightforward: a threat actor who attains administrative access can modify policies and settings with full device privileges, which NVD summarizes as unauthorized admin access via improper authentication (NVD summary). That combination—known exploitation and admin-level access—warrants emergency handling aligned to CISA’s KEV timelines (CISA KEV).
Technical detail
The vulnerability tracked as CVE-2015-7755 affects Juniper ScreenOS and is categorized as CWE-287 (Improper Authentication) (NVD CWE-287). According to NVD, exploitation may allow an attacker to gain administrative access to ScreenOS without proper credentials, which constitutes a remote privilege escalation to the highest level on the device (NVD impact). The authoritative CVE metadata, including identifiers and references, is maintained by MITRE for CVE-2015-7755 (MITRE CVE).
CISA’s KEV catalog entry confirms active exploitation has been observed and mandates remediation by the specified due date for covered organizations, reinforcing the urgency of this issue (CISA KEV). The KEV guidance further instructs organizations to apply vendor mitigations, follow applicable federal directives such as BOD 22-01 where relevant, or discontinue the product if mitigations are not available (CISA guidance).
Defense
- Execute CISA’s required action immediately: apply vendor mitigations, adhere to applicable BOD 22-01 directives, or discontinue affected ScreenOS devices if a fix is unavailable (CISA guidance).
- Prioritize identification of any Juniper ScreenOS assets in exposure management and vulnerability tracking, aligning with KEV prioritization practices for known exploited issues (CISA KEV).
- Reduce attack surface by restricting management-plane access to trusted networks and administrators only, given the vulnerability’s ability to yield unauthorized administrative access (NVD impact).
- Increase monitoring around configuration changes and administrative sessions on ScreenOS devices during the remediation window; known exploitation status elevates the likelihood of opportunistic attempts (CISA KEV).
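The last two items above (trusted-network management access, and scrutiny of administrative sessions and configuration changes) can be checked together. The following is an added example, not code from CISA, Juniper or Lyrie; the normalized event format, device names, trusted network and 30-minute session window are assumptions and do not reflect ScreenOS log syntax.

```python
import ipaddress
from datetime import datetime, timedelta

# Assumption: admin access is only expected from this management network.
TRUSTED_MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Assumption: a config change should follow an admin login within this window.
SESSION_WINDOW = timedelta(minutes=30)

# Constructed, normalized events (not real ScreenOS log syntax):
# timestamp device event admin source_ip
SAMPLE_EVENTS = """\
2025-10-05T09:00:12 fw-edge-01 admin_login netops 10.20.0.15
2025-10-05T09:03:40 fw-edge-01 config_change netops 10.20.0.15
2025-10-05T23:41:07 fw-edge-01 admin_login netops 198.51.100.23
2025-10-05T23:42:55 fw-edge-01 config_change netops 198.51.100.23
2025-10-06T02:10:00 fw-dmz-02 config_change netops 10.20.0.15
"""


def parse(line):
    ts, device, kind, user, src = line.split()
    return datetime.fromisoformat(ts), device, kind, user, ipaddress.ip_address(src)


def is_trusted(ip):
    return any(ip in net for net in TRUSTED_MGMT_NETS)


def review(log_text):
    """Return (timestamp, device, reason) for each event needing analyst review."""
    findings, last_login = [], {}
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    for ts, device, kind, user, src in events:
        key = (device, user, src)
        if kind == "admin_login":
            last_login[key] = ts
            if not is_trusted(src):  # a "valid" login is still suspect from here
                findings.append((ts.isoformat(), device, "admin login from untrusted network"))
        elif kind == "config_change":
            login = last_login.get(key)
            if not is_trusted(src):
                findings.append((ts.isoformat(), device, "config change from untrusted network"))
            elif login is None or ts - login > SESSION_WINDOW:
                findings.append((ts.isoformat(), device, "config change without recent admin login"))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_EVENTS):
        print(*finding, sep="  ")
```
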
Lyrie Verdict
CVE-2015-7755 is now a KEV-tracked, actively exploited route to administrative control on Juniper ScreenOS, and that’s a machine-speed target for adversaries scraping KEV to drive scans and exploitation (CISA KEV). Lyrie’s stance: do not wait for log reviews. We enforce autonomous, management-plane-focused detection that correlates authentication context with control-plane actions and flags configuration-impacting operations even when credentials appear "valid"—the precise failure mode of improper authentication (NVD CWE-287). Pair that with continuous KEV-driven targeting intelligence so ScreenOS management endpoints are placed under elevated scrutiny until remediation closes exposure (CISA guidance).