Juniper finds VPN decryption code in source: Patch out now

Unfortunately, the earliest affected operating system version, ScreenOS 6.2.0r15, is reported to have been released in 2008, which means attackers would have had roughly seven years to carry out their attacks and then step back into the shadows. Juniper's advisory lists the affected releases as ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20, and fixed builds are available for each.

The second issue (CVE-2015-7756) could allow a skilled attacker to intercept and decrypt VPN traffic. Juniper says there is no indication that either issue has been successfully exploited, but because passive decryption leaves no trace on the device, the absence of evidence is not strong assurance.

However, Bob Worrall, Juniper's chief information officer, did not reveal where the company believes the unauthorized code originated.

A senior US official who declined to be named because of the sensitivity of the matter said the Department of Homeland Security is working with Juniper as it investigates the issue.

Meanwhile, Juniper partner SecureData this morning issued a threat advisory to its customers relating to the vulnerabilities.

“This is troubling in a broader sense that decrypting the traffic defeats the goal of having the VPN and would allow anyone to sniff the network and have access to that traffic”.

“During a recent internal code review, Juniper discovered unauthorised code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections”, he warned.

“If it’s been around since 6.2, it’s certainly been very low profile and if it was a used vulnerability, it would have hit somewhere by now”, he said.

Juniper says it does not know how the code got there or who introduced it, but it does have its suspicions. The two issues are independent of each other. It has also been reported that the unauthorized code may have been present since 2008, and it has been speculated that the most likely culprit for such tampering would be the NSA or one of its many counterparts around the world.

The compromise of such a prominent vendor with code specifically designed for spying echoes operations by the NSA described in documents leaked in 2013 by former contractor Edward Snowden. In those operations, the agency intercepted network equipment in transit and installed covert implant firmware on the device before sending it on to its final destination.

Malware known as Feedtrough “burrows into Juniper firewalls and makes it possible to smuggle other NSA programs into mainframe computers”, Der Spiegel said.

Neither Juniper nor the Federal Bureau of Investigation, which separate reports claim is also on the case, has responded to media inquiries for comment.
