Juniper Firewall Reported Hidden Backdoor in ScreenOS

By | December 18, 2015
Juniper Networks
Most commonly used network Firewall Device company Juniper Networks has announced that they have discovered  an unauthorised code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections.
According to Juniper Networks statement
During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen® devices and to decrypt VPN connections. Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS.

Till now no any exploit is reported for this issue, They have released a critical patch to fix the issue and recommended to its customers to upgrade to latest version.

According to Juniper networks SVP Chief Information Officer Bob Worrall 

All NetScreen devices using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 are affected by these issues and require patching. We strongly recommend that all customers update their systems and apply these patched releases with the highest priority.

Still they have not confirmed that when and how the backdoor occurred. The investigation on it is still going on.

 

Subscribe for latest security updates