Juniper Warns of Spying Code in Firewall

Networking equipment maker Juniper Networks revealed this week that it had found spying code planted in some models of its firewalls. The products affected by the malicious code include those running ScreenOS, a Juniper operating system that runs several of the company's appliances that act as firewalls and enable VPNs (virtual private networks).

The vulnerable versions of ScreenOS include 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20, according to an advisory the company released on its Web site.
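A fleet can be triaged against the version ranges listed above with a short script. The following is an added example, not code from Juniper or from the original article; the hostnames, the sample inventory and the assumed version-string format (for instance a trailing ".0" after the release number) are constructed for illustration.

```python
import re

# Affected ScreenOS ranges exactly as stated in the article (inclusive),
# keyed by release train and mapped to (first, last) "r" release number.
AFFECTED = {
    (6, 2, 0): (15, 18),
    (6, 3, 0): (12, 20),
}

# Assumed format: "<major>.<minor>.<patch>r<release>" with an optional
# trailing suffix such as ".0" or a letter, e.g. "6.3.0r19.0".
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)r(\d+)(?:[.\-]?\w+)*\s*$", re.I)


def parse_version(text):
    """Return ((major, minor, patch), release) or None if unparseable."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, patch, release = (int(g) for g in m.groups())
    return (major, minor, patch), release


def classify(text):
    """Return 'affected', 'not-listed', or 'unknown' for a version string."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"  # not a recognisable ScreenOS version: review by hand
    train, release = parsed
    bounds = AFFECTED.get(train)
    if bounds and bounds[0] <= release <= bounds[1]:
        return "affected"
    return "not-listed"  # outside the article's ranges, not proof of safety


def triage(inventory):
    """Group hostnames by classification; inventory maps host -> version."""
    result = {"affected": [], "not-listed": [], "unknown": []}
    for host, version in inventory.items():
        result[classify(version)].append(host)
    return {status: sorted(hosts) for status, hosts in result.items()}


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "fw-edge-01": "6.3.0r19.0",
    "fw-edge-02": "6.3.0r21.0",
    "fw-branch-07": "6.2.0r15",
    "fw-lab-03": "6.2.0r14",
    "fw-legacy-01": "version string missing",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Devices reported as "unknown" need a manual check, since an unparseable string says nothing about exposure.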

The unauthorized code was found during a recent internal review, according to a blog post by Bob Worrall, Juniper's chief information officer. Worrall didn't say where the code might have come from, or whether the company suspects some kind of state-sponsored tampering. The National Security Agency (NSA) reportedly has targeted other major networking manufacturers in the past, including Cisco and Huawei.

Two years ago, the German magazine Der Spiegel reported that the NSA had used malware called Feedthrough that targeted Juniper firewalls. The malware was capable of surviving various reboots and software upgrades.

Juniper today denied having anything to do with the vulnerabilities, adding that it has not collaborated with any government agency to install backdoors in its systems. "As we've stated previously, Juniper Networks takes allegations of this nature very seriously," a company spokesperson told Forbes. "To be clear, we do not work with governments or anyone else to purposely introduce weaknesses or vulnerabilities into our products."

Internal Review

An internal review by Juniper turned up a pair of problems, one of which could allow remote administrative access to a ScreenOS device over telnet or SSH. While log files would reflect a login attempt, Juniper acknowledged that a skilled attacker would probably remove these entries from the log file, thus wiping out signs indicating that the device had been compromised. The second vulnerability would enable an...
