Juniper Networks

Juniper Networks released an emergency patch for its ScreenOS


Juniper Networks released an emergency patch for its ScreenOS yesterday because of a vulnerability involving unauthorised code, which could allow an attacker to gain administrative access and decrypt VPN connections. Juniper, however, has not commented on the origin of the code it found.
According to threatpost.com (1), “Juniper senior vice president and chief information security officer Bob Worrall said today that two vulnerabilities were discovered during a recent internal code review affecting ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20. The earliest affected version was released Sept. 12, 2012, less than a year before the Snowden revelations began.”

The vulnerability has been designated as CVE-2015-7755. Juniper’s Security Incident Response Team (SIRT) strongly recommends that users upgrade to a fixed release of ScreenOS to resolve these critical vulnerabilities (see https://www.kb.cert.org/vuls/id/480428).

For further details see http://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554

References
1. https://threatpost.com/juniper-finds-backdoor-that-decrypts-vpn-traffic/115663/#sthash.6A89kyJ4.dpuf
