[AusNOG] Juniper ScreenOS backdoor
jthorpe at Conexim.com.au
Wed Dec 23 14:10:42 EST 2015
Some interesting analysis for anyone who has been following this:
Apparently Cisco is now reviewing their own code as a result:
Which begs the question... shouldn't this be happening already, especially for network equipment - let alone security appliances?
From: Jonathan Thorpe
Sent: 18 December 2015 12:52
To: ausnog at lists.ausnog.net
Subject: Juniper ScreenOS backdoor
If anyone has any ScreenOS gear still running, you might want to have a look at this:
It doesn't say as much, but US-CERT seem to indicate that this is effectively backdoor code:
"Juniper has discovered unauthorized code in ScreenOS which could allow an attacker to take control of NetScreen devices and to decrypt VPN connections."
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the AusNOG