Juniper Firewall Backdoors
If someone hasn’t yet heard, Juniper issued a statement: code was found in ScreenOS versions from 6.2.0 to 15 to 6.2.0 to 18 and from 6.3.0 to 12 to 6.3.0 to 20, which allows persons with relevant information to do two things:
1) Authenticate to device via ssh
2) Play VPN traffic
Detecting penetration may not be easy.
')
Only ScreenOS is affected. SRX is fine. Probably.
More details:
forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554
kb.juniper.net/InfoCenter/index?page=content&id=JSA10713
There are some reports that third parties picked up the keys to these backdoors. The publication of exploits in the very near future is not excluded. For example, right this weekend. There are patches from the vendor and it makes sense to update urgently or at least block access from untrusted networks via ssh if someone has not done this yet.
Here they painted the details on the backdoor, which allows you to log in to the device under any login. There is a password.
1) Authenticate to device via ssh
2) Play VPN traffic
Detecting penetration may not be easy.
')
Only ScreenOS is affected. SRX is fine. Probably.
More details:
forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554
kb.juniper.net/InfoCenter/index?page=content&id=JSA10713
There are some reports that third parties picked up the keys to these backdoors. The publication of exploits in the very near future is not excluded. For example, right this weekend. There are patches from the vendor and it makes sense to update urgently or at least block access from untrusted networks via ssh if someone has not done this yet.
Here they painted the details on the backdoor, which allows you to log in to the device under any login. There is a password.
Source: https://habr.com/ru/post/273489/
All Articles