VPN Articles and News

Juniper Firewall Flaw Used To Decrypt VPN Traffic

Friday, April 29th, 2016

Juniper Networks, one of the largest manufacturers of routers, has uncovered a massive security flaw within its enterprise firewall solution. During a recent internal audit, the company’s employees discovered “unauthorized code” within ScreenOS, the operating system used in the Juniper’s Netscreen range of firewalls and enterprise VPN solutions. The breach is extremely serious because it targets corporate and government systems and can be used by the attackers to carry out dangerous attacks remotely.

As per security experts, the breach allows knowledgeable attackers to gain administrative access over target systems. More worryingly, the flaw can be used to decrypt Virtual Private Network traffic thus defeating the very purpose of using enterprise wide VPN solutions. And as if this was not enough, the breach even permitted attackers to erase computer logs thereby removing all traces of attacks from the target systems.

In a security bulletin posted on its website, Juniper has informed its customers that the breach affected NetScreen series of devices running on ScreenOS version 6.2.0 (Release 15 to 18) and 6.3.0 (Release 12 to 20). The post also mentioned that administrative access issue affected devices running on ScreenOS 6.3.0r17 to 6.3.0r20 while the VPN decryption problem was found in devices using ScreenOS 6.2.0r15 to 6.2.0r18 or 6.3.0r12 to 6.3.0r20. The bulletin also clarified that the vulnerability was specific to ScreenOS and was not found in SRX or Junos range of operating systems developed by the company.

Considering that ScreenOS 6.2.0r15 was released way back in 2008, it can be said that the flaw has been present in Juniper’s products for over 7 years. Since the company has not shed any light on the origins of the unauthorized code, we can only speculate whether this was the handiwork of a disgruntled employee, hacker, organization keen on spying on its competitors or a foreign government. Also, while the company has said that it did not find any evidence regarding the abuse of the breach in the real world; judging by the amount of time that has passed since the flaw was introduced into ScreenOS, we may soon come across instances of how the vulnerability was used to compromise corporate systems.

The news of the security breach has also made the US government sit up and take notice. Since Juniper sells routers and networking equipment to various US government departments, including Defense, Treasury, Justice and law enforcement; FBI is now investigating whether the breach was introduced by a foreign government with the intention of keeping an eye on the activities of the US government.

The breach could also be the handiwork of spying agencies like NSA which are known to intercept internet traffic and insert spying code into networking and computing products. As a matter of fact, Edward Snowden had warned some time back that NSA had helped GCHQ in finding loopholes within Juniper’s products and even installed unauthorized programs on the company’s systems.

Juniper has released an emergency security patch for the versions of ScreenOS affected by the security breach. The firm has also advised its customers to update to the latest versions of ScreenOS as soon as possible to remain safe from the vulnerability.

April 29, 2016

Leave a Reply

Your email address will not be published. Required fields are marked *

6 + 1 =