Juniper Finds, Patches Own Bugs

Tuesday, December 22, 2015 @ 02:12 PM gHale

There is a high-impact vulnerability affecting Juniper Networks’ ScreenOS on its NetScreen devices, and researchers want users to apply the patch “with the highest priority.”

“During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections,” Juniper CIO Bob Worrall said in a blog post.

The vulnerability comprises two issues: one that allows unauthorized remote administrative access to the device over SSH or telnet (and can lead to complete compromise of the affected system), and one that allows a knowledgeable attacker to decrypt encrypted VPN traffic.

Juniper has not found any exploits leveraging the vulnerabilities, but the advisory said there is a way for an attacker to remove evidence that the victimized device suffered a compromise, and there is no way to detect that the second issue has been exploited.

The flaw affects all NetScreen devices using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20.

“These vulnerabilities are specific to ScreenOS. We have no evidence that the SRX or other devices running Junos are impacted at this time,” Worrall said.