This week Juniper Networks released that their operating system, ScreenOS that is used to manage firewalls and VPN services contained unauthorized code. This piece of unauthorized code poses multiple security threats to any platform or product that is running ScreenOS 6.2Or18 and 6.3Or12 through 6.3Or20.
The security bulletin released by the company stated that the origins of the unauthorized code are yet to be determined, but that it could potentially allow a knowledgeable attacker to obtain administrator access to NetScreen devices, as well as to decrypt VPN connections.
Although Juniper Networks had no inclination that there was unauthorized code, this issue has been present for years. This may mean that the confidential communications of customers have been monitored and compromised. While administrative access would have been recorded, it is possible for an attacker to remove any trace of that access.
Another concern worth noting is that an attacker with the ability to monitor VPN traffic could decrypt the secured traffic using the exploit, and leave no way of knowing whether the vulnerability had been exploited or not.
Juniper Networks has said that so far, no reports have been made regarding exploitation of these vulnerabilities. Regardless, the company has advised its customers to update their system and patch the firewalls as soon as they can.
The following software releases have been updated to resolve these issues:
In addition, earlier affected releases of ScreenOS 6.3O have been revamped to resolve these issues. These fixes are included in:
All software affected by these issues has been updated, and can be found here.
Bob Worrall, SVP Chief Information Officer, Juniper Networks has released the following statement:
“On behalf of the entire Juniper Networks Response Team, please know that we take this matter very seriously and are making every effort to address these issues. More information and guidance on applying this update to systems can be found in the Juniper Security Advisories (JSAs) available on our Security Incident Response website at http://advisory.juniper.net .”