Juniper discovers vulnerability caused by ‘unauthorized code’ in its ScreenOS software
Juniper, a maker of networking equipment, says it has discovered “unauthorized code” in its ScreenOS software. The code made it possible for an attacker to remotely gain administrative access to certain devices and to decrypt VPN traffic.
Juniper reports that the vulnerabilities were revealed during an internal code review of the ScreenOS software used in NetScreen devices, which act as firewalls and enable VPN connections. The problem is caused by code whose origin the company cannot identify. This is remarkable, because it means the code may have been added to the software by a third party. The CIO site, among others, reports that the incident shows signs of being a government operation.
The vulnerability, now also known as CVE-2015-7755 and carrying a CVSS score of 9.8 out of 10, is present in versions 6.2.0r15 to 6.2.0r18 and 6.3.0r12 to 6.3.0r20. The first vulnerable version of the software was released in 2012. It is therefore recommended to update to one of the secure versions released by the company as soon as possible. Because many companies use Juniper’s products, the scale of the incident is large.
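The version ranges above can be checked against a device inventory with a short script. This is an added example, not code from Juniper or the original article: the hostnames and version strings in the sample are constructed, and sending any string that is not a plain `X.Y.ZrN` version to manual review is an assumption of this sketch.

```python
import re

# Affected ranges as stated in the article (inclusive r-release numbers).
AFFECTED = {
    (6, 2, 0): range(15, 19),  # 6.2.0r15 .. 6.2.0r18
    (6, 3, 0): range(12, 21),  # 6.3.0r12 .. 6.3.0r20
}

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)r(\d+)$", re.IGNORECASE)


def classify(version: str) -> str:
    """Return 'affected', 'not-listed' or 'review' for a ScreenOS version string."""
    m = _VERSION.match(version.strip())
    if not m:
        # Suffixed or unexpected formats are not covered by the article's
        # ranges; flag them for a human instead of guessing (assumption).
        return "review"
    major, minor, patch, rel = map(int, m.groups())
    affected = AFFECTED.get((major, minor, patch))
    if affected is not None and rel in affected:
        return "affected"
    # Outside the listed ranges; this is not a statement that the build is safe.
    return "not-listed"


def triage(inventory):
    """Group hostnames by classification so affected devices can be patched first."""
    result = {"affected": [], "not-listed": [], "review": []}
    for host, version in inventory:
        result[classify(version)].append(host)
    return result


# Constructed sample inventory (hypothetical hosts and version strings).
INVENTORY = [
    ("fw-edge-01", "6.3.0r17"),
    ("fw-edge-02", "6.3.0r21"),
    ("fw-branch-01", "6.2.0r15"),
    ("fw-branch-02", "6.2.0r14"),
    ("fw-lab-01", "6.3.0r19b"),
    ("fw-lab-02", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```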
According to Juniper, it is not possible to determine whether the vulnerabilities were actually exploited, because an experienced attacker would have had the opportunity to delete log files. The first vulnerability made it possible to connect to one of the vulnerable NetScreen devices via SSH or Telnet and gain full control. The second vulnerability, which made it possible to decrypt VPN connections, could also be exploited without detection.