Juniper Networks has urged customers to download a security patch after “unauthorised” backdoor code was discovered in its NetScreen firewalls that could allow spying on VPNs.
The company said it discovered the code during a “recent code review”, and there is no word on how the backdoor got there, who was responsible for it, or how long it has been in place.
Juniper made the announcement of the backdoor discovery in a blog posting by Bob Worrall, SVP and Chief Information Officer.
The company warned the flaw surreptitiously decrypts traffic sent through virtual private networks.
“Juniper is committed to maintaining the integrity and security of our products and wanted to make customers aware of critical patched releases we are issuing today to address vulnerabilities in devices running ScreenOS software,” wrote Worrall.
“Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS,” he wrote. “At this time, we have not received any reports of these vulnerabilities being exploited; however, we strongly recommend that customers update their systems and apply the patched releases with the highest priority.”
Worrall said further information about the update can be found the company’s Security Incident Response website.
Juniper said that it “strongly recommend” that customers apply the update to their systems with the “highest priority”. The backdoor vulnerability affects all NetScreen devices using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20.
The flaw does not affect SRX or any other Junos-based system.
The discovery of the “unauthorised” VPN-breaking code will no doubt raise questions as to who placed the code there. Fingers will likely be pointed at the NSA or another similar intelligence organisation in light of the Edward Snowden revelations.
Indeed, Snowden revealed that NSA agents had intercepted network gear from Cisco Systems as it was shipped to a customer and installed covert firmware.
Unfortunately, it may never be discovered who installed this particular backdoor into the Juniper firewalls, and it should be noted that backdoors in tech kit are not exactly uncommon.
Are you a security pro? Try our quiz!
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…