Juniper has announced that it has identified unauthorized code in its network devices that gives an attacker administrative access and could allow them to decrypt VPN connections. The unauthorized code may have been present since at least 2012.
Juniper has not commented on whether the code was introduced inadvertently or is the result of a breach. The nature of the access would also allow an attacker to delete logs of their access to the device.
IMPORTANT JUNIPER SECURITY ANNOUNCEMENT
POSTED BY BOB WORRALL, SVP CHIEF INFORMATION OFFICER ON DECEMBER 17, 2015
Juniper is committed to maintaining the integrity and security of our products and wanted to make customers aware of critical patched releases we are issuing today to address vulnerabilities in devices running ScreenOS software.
During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections. Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS.
At this time, we have not received any reports of these vulnerabilities being exploited; however, we strongly recommend that customers update their systems and apply the patched releases with the highest priority.
On behalf of the entire Juniper Security Response Team, please know that we take this matter very seriously and are making every effort to address these issues. More information and guidance on applying this update to systems can be found in the Juniper Security Advisories (JSAs) available on our Security Incident Response website at http://advisory.juniper.net.
Bob Worrall
SVP Chief Information Officer
Q: Why did this issue require an out-of-cycle security advisory?
Juniper is committed to maintaining the integrity and security of our products. Consistent with industry best practices, this means releasing patches for products in a timely manner to maintain customer security. We believed that it was in our customers' best interest to issue these patched releases with the highest priority.
We strongly recommend that all customers update their systems and apply these patched releases as soon as possible.
Q: What devices does this issue impact?
All NetScreen devices using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 are affected by these issues and require patching. We strongly recommend that all customers update their systems and apply these patched releases with the highest priority.
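As an added defender-side example (not Juniper's code and not part of the advisory), the following Python check parses ScreenOS version strings and flags devices whose release falls inside the affected ranges listed above. The version-string format `major.minor.patchrN` and the device inventory are assumptions constructed for the example.

```python
import re

# Affected ScreenOS releases as listed in the Juniper FAQ:
# 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20.
AFFECTED_RANGES = {
    (6, 2, 0): (15, 18),
    (6, 3, 0): (12, 20),
}

# Assumed version-string format, e.g. "6.3.0r12" (major.minor.patch + release).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)r(\d+)$")


def parse_screenos_version(version):
    """Split a version string such as '6.3.0r12' into ((major, minor, patch), release).
    Raises ValueError on input that does not match the assumed format."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError("unrecognised ScreenOS version: %r" % version)
    major, minor, patch, release = (int(x) for x in m.groups())
    return (major, minor, patch), release


def is_affected(version):
    """True if the version falls inside one of the affected release ranges."""
    train, release = parse_screenos_version(version)
    if train not in AFFECTED_RANGES:
        return False
    low, high = AFFECTED_RANGES[train]
    return low <= release <= high


def triage_inventory(inventory):
    """Given {hostname: version}, return the sorted hostnames running an affected release."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


if __name__ == "__main__":
    # Constructed sample inventory, not real device data.
    sample = {
        "fw-edge-1": "6.3.0r12",
        "fw-edge-2": "6.3.0r20",
        "fw-dc-1": "6.2.0r14",
        "fw-dc-2": "6.3.0r21",
        "fw-lab": "6.2.0r18",
    }
    for host in triage_inventory(sample):
        print("%s runs affected ScreenOS %s: patch with highest priority" % (host, sample[host]))
```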
Q: Is the SRX or any other Junos-based system affected by these issues?
These vulnerabilities are specific to ScreenOS. We have no evidence that the SRX or other devices running Junos are impacted at this time.
Q: Who can I contact if I have additional questions about my system?
Customers with questions about their systems should e-mail us at sirt@juniper.net.
Comments
by ralvarado@clearslide.com on 12-17-2015 04:12 PM
Hello, is there a workaround for the decrypting VPN connections part of the vulnerability? Thanks, -Rico
by digger33 on 12-17-2015 05:13 PM (edited 12-17-2015 05:17 PM)
The original version of this article mentioned username 'system'; was this in error, or was it removed for some other reason? How can customers identify a successful attack through the logs?
Update: Found the reference, it was in the KB, not the advisory: https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713&cat=SIRT_1&actp=LIST&smlogin=true
by sebastianw on 12-18-2015 12:45 AM
I'm curious about how that code was added and who added it. Will there be further information?