
Spying code found in Juniper's ScreenOS

Vendor recommends installing latest software release immediately

State-sponsored actors may have had a role in the pieces of code

Juniper Networks has warned of malicious code in its ScreenOS operating system, which powers a number of its appliances.

According to an advisory, there are two security issues which allow unauthorised remote administrative access to the devices.

The first one, Juniper said, affects its firewalls. Exploitation of the vulnerability can lead to complete compromise of the affected device, the vendor warned.

The affected versions of ScreenOS are 6.3.0r17 through 6.3.0r20, Juniper said. Upon exploitation of the vulnerability, the log file would contain an entry that 'system' had logged on followed by password authentication for a username.

However, Juniper also warned that a skilled hacker would likely remove these entries from the local log file, thus effectively eliminating any reliable signature that the device had been compromised.

The second vulnerability is in relation to one of Juniper's VPN products. The vendor said that the issue may allow a knowledgeable attacker who can monitor VPN traffic to decrypt that traffic. It is independent of the first issue, Juniper said. This issue affects ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20.

There is no way to detect that the second vulnerability has been exploited, Juniper said.

While Juniper did not make any assertions over who might be behind the vulnerabilities, the fact that such a prominent vendor has been targeted with spying code suggests that state-sponsored actors may have a role in them.

In terms of protecting themselves against these issues, Juniper said that software releases have been issued, and advised customers to patch their systems immediately.
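Because the first issue's log entry can be erased and the second leaves no trace, the installed version is the dependable way to find devices that need the patch. The following is an added example, not code from Juniper or from this article: it checks an inventory against the two version ranges quoted above. The issue labels, the "hostname version" line format and the sample hostnames are assumptions made for illustration, and any version string that is not a plain release number is flagged for manual review because the article gives no ranges for it.

```python
import re

# Affected ranges exactly as quoted in the article: (base, first_r, last_r).
ADMIN_ACCESS = [((6, 3, 0), 17, 20)]
VPN_DECRYPT = [((6, 2, 0), 15, 18), ((6, 3, 0), 12, 20)]

_PLAIN_RELEASE = re.compile(r"(\d+)\.(\d+)\.(\d+)r(\d+)")

def _in_ranges(base, rel, ranges):
    return any(base == b and lo <= rel <= hi for b, lo, hi in ranges)

def triage(version):
    """Return the set of issues a ScreenOS version string falls under."""
    m = _PLAIN_RELEASE.fullmatch(version.strip().lower())
    if m is None:
        # Suffixed or malformed strings are not covered by the quoted ranges.
        return {"manual-review"}
    base = tuple(int(g) for g in m.group(1, 2, 3))
    rel = int(m.group(4))
    issues = set()
    if _in_ranges(base, rel, ADMIN_ACCESS):
        issues.add("admin-access")
    if _in_ranges(base, rel, VPN_DECRYPT):
        issues.add("vpn-decrypt")
    return issues

def triage_inventory(lines):
    """Map hostname -> sorted issue list for 'hostname version' lines."""
    report = {}
    for line in lines:
        parts = line.split()
        if len(parts) == 2:
            report[parts[0]] = sorted(triage(parts[1]))
    return report

# Constructed sample inventory (hypothetical hostnames, not real devices).
SAMPLE_INVENTORY = [
    "fw-edge-01 6.3.0r19",
    "fw-edge-02 6.3.0r14",
    "vpn-gw-01 6.2.0r16",
    "fw-lab-01 6.3.0r21",
    "fw-lab-02 6.3.0r19b",
]

if __name__ == "__main__":
    for host, issues in triage_inventory(SAMPLE_INVENTORY).items():
        print(host, ", ".join(issues) or "not in affected ranges")
```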