Friday, December 18, 2015

Juniper Discloses Unauthorized Code in ScreenOS

Juniper Networks disclosed the discovery of unauthorized code in its ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections.


It is not known who inserted the code into the OS nor how long it has been there.

All NetScreen devices using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 are affected by these issues and require patching.

The urgent security bulletin urges customers to update their systems and apply the patched releases with the highest priority.

http://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554