http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/
By Dan Goodin
Ars Technica
Dec 17, 2015
An operating system used to manage firewalls sold by Juniper Networks
contains unauthorized code that surreptitiously decrypts traffic sent
through virtual private networks, officials from the company warned
Thursday.
It's not clear how the code got there or how long it has been there. An
advisory published by the company said that NetScreen firewalls using
ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 are
affected and require immediate patching. Release notes published by
Juniper suggest the earliest vulnerable versions date back to at least
2012 and possibly earlier. There's no evidence right now that the backdoor
was put in other Juniper OSes or devices.
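The advisory's affected-version list is the one concrete, checkable fact a defender can act on before the patched releases are rolled out. As an added example (not code from the article or from Juniper), the script below parses ScreenOS version strings and flags any device in an inventory whose version falls inside one of the two ranges the article quotes. The hostnames and versions in the sample inventory are constructed for illustration; the assumption that a version string may carry a trailing build suffix (for example `6.3.0r19.0`) is the author's, not something the article states.

```python
import re
from typing import Dict, List, Tuple

# Affected ScreenOS release ranges exactly as the article quotes them from
# Juniper's advisory. Each entry is (lowest affected, highest affected), inclusive.
AFFECTED_RANGES = (
    ("6.2.0r15", "6.2.0r18"),
    ("6.3.0r12", "6.3.0r20"),
)

# major.minor.patch r<release>, with an optional trailing ".<build>" that is
# ignored for range comparison (assumption about the version-string format).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)r(\d+)(?:\.\d+)?$")


def parse_screenos_version(version: str) -> Tuple[int, ...]:
    """Turn '6.3.0r12' (or '6.3.0r12.0') into a tuple that compares numerically."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised ScreenOS version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version: str) -> bool:
    """True if the version lies inside any affected range (both ends inclusive)."""
    v = parse_screenos_version(version)
    return any(
        parse_screenos_version(low) <= v <= parse_screenos_version(high)
        for low, high in AFFECTED_RANGES
    )


def triage_inventory(inventory_text: str) -> Dict[str, List[str]]:
    """Classify 'hostname version' lines into affected / not_affected / unparseable.

    Unparseable entries are reported separately rather than silently treated as
    safe, so a malformed inventory line cannot hide an affected firewall.
    """
    result: Dict[str, List[str]] = {"affected": [], "not_affected": [], "unparseable": []}
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 2:
            result["unparseable"].append(line)
            continue
        host, version = parts
        try:
            bucket = "affected" if is_affected(version) else "not_affected"
        except ValueError:
            bucket = "unparseable"
        result[bucket].append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """
# hostname   ScreenOS version
fw-edge-01   6.3.0r19.0
fw-edge-02   6.3.0r21
fw-dc-01     6.2.0r14
fw-dc-02     6.2.0r17
fw-lab-01    unknown
"""

if __name__ == "__main__":
    for bucket, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) if hosts else '-'}")
```

Boundary versions matter here: `6.3.0r11` and `6.3.0r21` sit just outside the quoted 6.3 range and are reported as not affected, while `6.2.0r15` and `6.2.0r18` are the inclusive ends of the 6.2 range and are flagged. A version string the parser does not understand lands in `unparseable` so it gets a human look instead of being assumed clean.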
"During a recent internal code review, Juniper discovered unauthorized
code in ScreenOS that could allow a knowledgeable attacker to gain
administrative access to NetScreen devices and to decrypt VPN
connections," Juniper Chief Information Officer Bob Worrall wrote. "Once
we identified these vulnerabilities, we launched an investigation into the
matter, and worked to develop and issue patched releases for the latest
versions of ScreenOS."
A separate advisory from Juniper says there are two separate
vulnerabilities, but stops short of describing either as "unauthorized
code." The first flaw allows unauthorized remote administrative access to
an affected device over SSH or telnet. Exploits can lead to complete
compromise. "The second issue may allow a knowledgeable attacker who can
monitor VPN traffic to decrypt that traffic," the advisory said. "It is
independent of the first issue. There is no way to detect that this
vulnerability was exploited."
[...]