Juniper Issues Emergency Advisory After Rogue Backdoor Code Discovered

Juniper Networks has issued a statement regarding suspcious code found in its ScreenOS software.

Posted by SVP Chief Information Officer Bob Worrall, he stated that during a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices. This would permit decryption of VPN connections.

“Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS,” he said.

“At this time, we have not received any reports of these vulnerabilities being exploited; however, we strongly recommend that customers update their systems and apply the patched releases with the highest priority.”

Juniper claimed that there were two independent issues regarding the unauthorized code: the first issue allows unauthorized remote administrative access to the device over SSH or telnet, and exploitation of the vulnerability can lead to complete compromise of the affected system. The second issue may allow a knowledgeable attacker who can monitor VPN traffic to decrypt that traffic.

No other devices running Junos are impacted at this time, and Juniper stated that all NetScreen devices using ScreenOS 6.2.0r15 through 6.2.0r18, and 6.3.0r12 through 6.3.0r20 are affected by these issues and require patching.

Security researcher "The Grugq" pointed out that the backdoor had been present since late 2012, and can only be fixed by upgrading to the new software version.

What’s Hot on Infosecurity Magazine?