During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections.
- Juniper devices running ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20
Juniper identified two security issues during an internal code review.
The first issue allows unauthorized remote administrative access to the device over SSH or telnet. Exploitation of this vulnerability can lead to complete compromise of the affected system. Upon exploitation of this vulnerability, the log file would contain an entry that 'system' had logged on followed by password authentication for a username.
The second issue may allow a knowledgeable attacker who can monitor VPN traffic to decrypt that traffic. It is independent of the first issue. There is no way to detect that this vulnerability was exploited.
Juniper SIRT is not aware of any malicious exploitation of these vulnerabilities.
- Apply vendor-specific updates once they become available after appropriate testing.
- Verify no unauthorized system modifications have occurred on the system before applying patches.
- Monitor intrusion detection systems for any signs of anomalous activity.
- Use access lists or firewall filters to limit management access to the device only from trusted, internal, administrative networks or hosts.