Juniper has announced that they have identified code enabling an attacker admin access to their network devices potentially enabling them to decrypt VPN connections. The unauthorized code might have been present since at least 2012.
During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen® devices and to decrypt VPN connections. Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS.No comments as to whether the code might have been inadvertently introduced or is the result of a breach. The nature of the access would also allow for an attacker to delete logs of access to the device. Tags: juniper backdoor
More from: forums.juniper.net
show/hide source |