Security Market Segment LS
  2. Home
  3. Business IT
  4. Security
  5. Spy Code found on Juniper Firewalls
Saturday, 19 December 2015 15:47

Spy Code found on Juniper Firewalls Featured

By
Spy Code found on Juniper Firewalls

A critical patch has been released for an issue that has existed since 2012.

Devices running Juniper's ScreenOS - the operating System used on the company's VPN-enabling firewalls are vulnerable. Specifically versions 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 are affected and subject to the patch.

According to Bob Worrall, SVP & CIO, "During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen® devices and to decrypt VPN connections. Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS."

An advisory details the specific versions affected and the urgency of the patch. This advisory makes clear that there are two separate issues. The ability to authenticate to the firewall as 'system' and also the ability to monitor and decrypt trsaffic.

Of greatest concern is the Juniper comment, "there is no way to detect that this vulnerability was exploited."

 

iTWire understands that the FBI is investigating the breach amid fears of foreign hackers or even state-sponsored attempts at intrusion.

The earliest nominated version affected by the advisory (6.2.0r15) appears to have first been made available to customers in late 2012.

Of course there is nothing to say that the "foreign hackers" aren't much more local that the US would care to admit. Much of the reporting of Snowden's material centres on the NSA's ability to infiltrate equipment from a number of manufacturers, including Juniper.

With the vulnerability having existed for over 3 years, and given the wide use of this equipment, a LOT of people are very worried.

Read 4336 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here

SONICWALL 2022 CYBER THREAT REPORT

The past year has seen a meteoric rise in ransomware incidents worldwide.

Over the past 12 months, SonicWall Capture Labs threat researchers have diligently tracked the meteoric rise in cyberattacks, as well as trends and activity across all threat vectors, including:

Ransomware
Cryptojacking
Encrypted threats
IoT malware
Zero-day attacks and more

These exclusive findings are now available via the 2022 SonicWall Cyber Threat Report, which ensures SMBs, government agencies, enterprises and other organizations have the actionable threat intelligence needed to combat the rising tide of cybercrime.

Click the button below to get the report.

GET REPORT!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
Published in Security
David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.

Latest from David Heath

More in this category: « CyberArk says more of the same – only worse How to get hacked in 2016 »
Share News tips for the iTWire Journalists? Your tip will be anonymous
back to top

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments