Juniper Networks has urged customers to download a security patch after “unauthorised” backdoor code was discovered in its NetScreen firewalls that could allow spying on VPNs.
The company said it discovered the code during a “recent code review”, and there is no word on how the backdoor got there, who was responsible for it, or how long it has been in place.
Juniper made the announcement of the backdoor discovery in a blog posting by Bob Worrall, SVP and Chief Information Officer.
The company warned the flaw surreptitiously decrypts traffic sent through virtual private networks.
“Juniper is committed to maintaining the integrity and security of our products and wanted to make customers aware of critical patched releases we are issuing today to address vulnerabilities in devices running ScreenOS software,” wrote Worrall.
“Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS,” he wrote. “At this time, we have not received any reports of these vulnerabilities being exploited; however, we strongly recommend that customers update their systems and apply the patched releases with the highest priority.”
Worrall said further information about the update can be found the company’s Security Incident Response website.
Juniper said that it “strongly recommend” that customers apply the update to their systems with the “highest priority”. The backdoor vulnerability affects all NetScreen devices using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20.
The flaw does not affect SRX or any other Junos-based system.
The discovery of the “unauthorised” VPN-breaking code will no doubt raise questions as to who placed the code there. Fingers will likely be pointed at the NSA or another similar intelligence organisation in light of the Edward Snowden revelations.
Indeed, Snowden revealed that NSA agents had intercepted network gear from Cisco Systems as it was shipped to a customer and installed covert firmware.
Unfortunately, it may never be discovered who installed this particular backdoor into the Juniper firewalls, and it should be noted that backdoors in tech kit are not exactly uncommon.
Are you a security pro? Try our quiz!
Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…
Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…
Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…
Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…
Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…
Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…