Firewall Breached – Juniper Releases Fix Patches
The malicious code could also have allowed a hacker to decrypt VPN connections, he said.
That code could allow “a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections”, Juniper said in a blog post warning customers.
Juniper has issued a patch for ScreenOS; all NetScreen devices running version 6.2.0r15 to 6.2.0.r18 are affected by the serious vulnerability. In fact, this sort of compromise happens far more commonly than most vendors, especially security companies, want to admit, Mogull says.
Specifically, hackers found a way to stick “unauthorized code” in the operating system that runs Juniper’s firewall device.
According to Worrall, Juniper launched an investigation once it discovered the vulnerabilities, and has developed updates for the latest version of ScreenOS to fix the issue.
The pair of issues that created the backdoor would allow anyone who knows about it to remotely log in to the firewall as an administrator, decrypt and spy on supposedly secure traffic, and then remove any trace of their activity.
The U.S. has denied being behind the implementation of the code, and some U.S. officials believe that China and the Russian Federation are likely responsible due to the level of sophistication necessary to carry out this type of attack. “Upon exploitation of this vulnerability, the log file would contain an entry that system had logged on, followed by password authentication for a username”, Juniper’s advisory states.
Two types of vulnerabilities were detected. “It is independent of the first issue”.
However, a separate NSA toolkit called FeedThrough, revealed in 2013, outlined how the agency has been able to bypass Juniper’s firewalls for years. This is why hackers usually target firewalls: they retain the most information.
Juniper has issued an out-of-band patch for the problem and strongly recommends its application “as soon as possible”.
Edward Snowden’s leaks about U.S. surveillance practices at home and overseas included details about the National Security Agency’s Tailored Access Operations (TAO) and the tools the agency apparently used as part of the operation to infiltrate systems.
It isn’t yet known if the code was altered by a Juniper employee or outside interference. In that report, one of the tools was said to be specific to Juniper’s NetScreen products.