
Juniper Discovers Unauthorized Code In Its Firewall OS

Code was designed to decrypt VPN communication and enable remote administrative control of devices.

Security researchers today expressed deep concern over the disclosure by Juniper Networks this week that it had discovered unauthorized code in its ScreenOS firewall operating system that could allow an attacker to decrypt VPN communications or take complete administrative control of a compromised system.

In an out-of-cycle advisory issued yesterday, Juniper senior vice president and CIO Bob Worrall said the company discovered the code during a recent internal review and had moved quickly to patch the vulnerabilities. “We launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS,” Worrall said.

According to the company, all Juniper NetScreen devices running ScreenOS versions 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 are vulnerable and need to be patched immediately.

In a separate advisory, Juniper said the code causes two security issues. “The first issue allows unauthorized remote administrative access to the device over SSH or telnet. Exploitation of this vulnerability can lead to complete compromise of the affected system,” the company noted. Certain entries in the log file would indicate if someone had exploited the vulnerability, Juniper said.

Read the full article here on Dark Reading.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...

Comments
MarciaNWC,
User Rank: Strategist
1/11/2016 | 12:11:58 PM
Re: Cisco
Hi Jerome -- Juniper posted a blog post late Friday with an update on this that provides some details on its security review of its products in the wake of the breach. "We will replace Dual_EC and ANSI X9.31 in ScreenOS 6.3 with the same random number generation technology currently employed across our broad portfolio of Junos OS products," wrote Bob Worrall, SVP CIO at Juniper.

 
Jerome Amon,
User Rank: Ninja
12/28/2015 | 6:32:19 AM
Re: Cisco
Great, so we are waiting. Maybe that will encourage other vendors to start reviewing their code and let the public know about the result.
Jerome Amon,
User Rank: Ninja
12/28/2015 | 6:26:50 AM
Re: Cisco
Hi Marcia,

Thanks for the link, very informative!

If some of the strongest features/technologies/tools used by vendors nowadays come from these kinds of organisations, how can these kinds of problems not appear? :) Just an idea!
Brian.Dean,
User Rank: Ninja
12/26/2015 | 9:49:02 PM
Re: unauthorized code
@Ashu001 that is a good point. Cost-benefit analysis can be viewed as a good starting point. Firms will have to assign the appropriate weightages to the advantages and disadvantages. If a business offers a wide range of products to a wide range of customers, then the ripple effects can also create disadvantages in other product lines. For instance, if a manufacturer's switches are blacklisted due to security concerns, customers will be wary of the manufacturer's smartphones as well, etc.
Ashu001,
User Rank: Ninja
12/25/2015 | 4:46:16 AM
Re: unauthorized code
Brian,

Ultimately most folks in Enterprises do cost-benefit analysis, and also in this case: What happens if I lose my data?

How much is it really worth to an attacker/ adversary?

My personal feeling is that most Enterprises tend to understand the Costs associated with such an issue, aggressively in some cases.

That needs to stop and we need a more realistic analysis of the ROI and costs involved with a Breach.

That's when everything will hopefully change.

Ashu001,
User Rank: Ninja
12/25/2015 | 4:42:47 AM
Re: Cisco
Jerome,

If you do read all the Research done on this Backdoor issue here: rpw.sh/blog/2015/12/21/the-backdoored-backdoor

It becomes quite clear that the NSA did really put the Backdoor in the Algorithm in the hope that at least some folks would take the bait.

It should not be surprising to most folks that the Vulnerability in the Algorithm was known since 2007 but none of the Vendors did anything to patch it before this issue broke out and garnered massive media attention.

You are quite right that spyware could be inserted anywhere in the code but to do so obviously and brazenly points the finger directly at the authorities involved.

Ashu001,
User Rank: Ninja
12/25/2015 | 4:34:06 AM
Re: unauthorized code
PMIT,

LOL!!!

This is so so funny and so true!

You will be surprised to know that Huawei networking Gear has found immense acceptance and popularity all across the Developing world today.

Do you feel this would have been the case if they were definitely Spying on all Consumer Data?

I most certainly don't think so and I won't be surprised if one of the major US-centric Vendors lobbied some of the Congressmen to push through this ban previously (it's just that in the US they call such Financial Contributions Lobbying).
Ashu001,
User Rank: Ninja
12/25/2015 | 4:29:05 AM
Re: unauthorized code
Aditshar1,

The Security Blogosphere is abuzz discussing this very topic currently.

And most folks seem to be veering towards the fact that yes, Juniper did work with the NSA to add Backdoors in their Networking Gear.

If that is true, then what's to stop the NSA from doing the same with Cisco or Dell or HP today?

The possibilities are absolutely mind-boggling!!! Is it any wonder most Privacy-minded folks are crying foul over the New CISA law?

It's most unfortunate that the country that was built on the basis of Liberty and freedom as two of its main building blocks has to resort to such underhand tactics to basically suppress rebellion of any sort whatsoever.

MarciaNWC,
User Rank: Strategist
12/23/2015 | 3:22:02 PM
Re: Cisco
Hi Jerome! You're right, attackers can infiltrate every layer. We're still waiting for more information on this from Juniper, but security researchers have figured some things out according to this report.
Jerome Amon,
User Rank: Ninja
12/22/2015 | 7:33:57 PM
Re: unauthorized code
Hi, but there are some ISPs which are swapping all the existing equipment from the fronthaul to core for Huawei-only equipment. About backdoors, I think that is not a problem now.