Juniper Patches Firewall Backdoor Risk

Older-model Juniper ScreenOS-based firewalls are patched for vulnerabilities that could leave organizations exposed to risk.

Networking vendor Juniper reported on Dec. 17 that it discovered multiple security issues in its ScreenOS network security operating system, including backdoor access code.“During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker who can monitor VPN [virtual private network] traffic to decrypt that traffic,” Juniper wrote in a statement emailed to eWEEK. “Once we identified these vulnerabilities, we launched an investigation and worked to develop and issue patched releases for the impacted devices.”Juniper also noted in its statement that the company has already reached out to affected customers, strongly recommending that they update their systems and apply the patched releases with the highest priority. For Juniper customers that may be impacted by the ScreenOS issue, Tod Beardsley, security research manager at Rapid7, recommends that, in addition to updating the firmware immediately, organizations also change passwords and investigate their own networks for potential compromises.The backdoor issue is identified as CVE-2015-7755 and, according to Juniper’s advisory, exploitation of the vulnerability can lead to complete compromise of a system.

Source: Juniper Patches Firewall Backdoor Risk