An operating system by Juniper Networks, used to manage firewalls, contained unauthorized code. This poses multiple security threats to any platform or product that is running ScreenOS 6.2Or18 and 6.3Or12 through 6.3Or20.
A security bulletin released by the company stated that the origins of the unauthorized code have yet to be determined, and is said it could potentially allow a knowledgeable attacker to obtain administrator access to NetScreen devices, as well as to decrypt VPN connections.
Potential Implications
Although Juniper Networks was none the wiser, this issue has been present for years. This could mean that the confidential communications of customers have been monitored and compromised. While it is true that any administrative access would have been recorded in logs, it is still entirely possible for an attacker to skillfully remove any trace of it.
Also, another concern is that an attacker with the ability to monitor VPN traffic could decrypt the secured traffic using the exploit, leaving no way of knowing whether in fact the vulnerability has actually been exploited.
Going Forward
Currently, Juniper Networks has said that so far, no reports have been made regarding exploitation of these vulnerabilities. Regardless, the company has advised its customers to update their system, as well as patch the firewalls that are affected as soon as possible.
The following software releases have been updated to resolve these issues:
- ScreenOS 6.2Or19
- 3Or21
- all subsequent releases
In addition, earlier affected releases of ScreenOS 6.3O have been revamped in order to resolve these issues. Fixes are included in:
- 3Or12b
- 3Or13b
- 3Or15b
- 3Or16b
- 3Or17b
- 3Or18b
- 3Or19b
All software affected by these issues has been updated, and can be found at https://www.juniper.net/support/downloads/screenos.html .
A Word from Juniper Networks
“On Behalf of the entire Juniper Networks Response Team, please know that we take this matter very seriously and are making every effort to address these issues. More information and guidance on applying this update to systems can be found in the Juniper Security Advisories (JSAs) available on our Security Incident Response website at https://advisory.juniper.net .“
- Bob Worrall, SVP Chief Information Officer, Juniper Networks
Stay up-to-date on the latest security threats and concerns impacting businesses like yours. Contact Veltec Networks at (408) 849-4441 or email us at info@veltecnetworks.com to learn about our managed IT services – giving you all the support you need at a flat-rate monthly fee.