[AusNOG] Juniper ScreenOS backdoor

Jonathan Thorpe jthorpe at Conexim.com.au
Wed Dec 23 14:10:42 EST 2015


Some interesting analysis for anyone who has been following this:
https://community.rapid7.com/community/infosec/blog/2015/12/20/cve-2015-7755-juniper-screenos-authentication-backdoor

Apparently Cisco is now reviewing their own code as a result:
http://blogs.cisco.com/security/update-for-customers

Which begs the question... shouldn't this be happening already, especially for network equipment - let alone security appliances?


From: Jonathan Thorpe
Sent: 18 December 2015 12:52
To: ausnog at lists.ausnog.net
Subject: Juniper ScreenOS backdoor

Hi All,

If anyone has any ScreenOS gear still running, you might want to have a look at this:
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713

It doesn't say as much, but US-CERT seem to indicate that this is effectively backdoor code:
https://www.us-cert.gov/ncas/current-activity/2015/12/17/Juniper-Releases-Out-band-Security-Advisory-ScreenOS

"Juniper has discovered unauthorized code in ScreenOS which could allow an attacker to take control of NetScreen devices and to decrypt VPN connections."

Not cool.

Kind Regards,
Jonathan