Juniper finds backdoors in enterprise firewalls

For Juniper customers that may be impacted by the ScreenOS issue, Tod Beardsley, security research manager at Rapid7, recommends that, in addition to updating the firmware immediately, organizations also change passwords and investigate their own networks for potential compromises.

Juniper claimed that there were two independent issues regarding the unauthorized code: the first issue allows unauthorized remote administrative access to the device over SSH or telnet, and exploitation of the vulnerability can lead to complete compromise of the affected system.

Juniper Networks has revealed that “unauthorised code” has been found in an operating system used to manage firewalls that can be exploited to decrypt traffic as it flows through virtual private networks (VPNs). A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on a set of security rules.

The code can be used by an attacker who knows about its existence to get administrative access to devices running ScreenOS and decrypt VPN connections, Juniper senior VP and CIO Bob Worrall wrote in a security advisory issued Thursday.

After identifying these vulnerabilities, the firm launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS.

Malware known as Feedtrough “burrows into Juniper firewalls and makes it possible to smuggle other NSA programs into mainframe computers,” Der Spiegel said.

The second issue (CVE-2015-7756) could allow a skilled attacker to intercept and decrypt VPN traffic, but Juniper says that there is no indication that there have been any successful exploits.

The vulnerability was found in ScreenOS, which powers NetScreen firewall devices. Juniper has recently announced a new strategy for a disaggregated Junos to enable a more flexible software-defined networking (SDN) approach.

Unfortunately, the earliest affected operating system version, ScreenOS 6.2.0r15, was released in 2008, which means attackers had nine years at their disposal to carry out their attacks and then step back into the shadows. The NSA has targeted Juniper firewalls in the past.