Unauthorized code found in Juniper’s firewall OS

An operating system running on firewalls sold by Juniper Networks contains unauthorized code that could be exploited to decrypt traffic sent through virtual private networks.

An “unauthorized code” was discovered in the operating system for Juniper NetScreen firewalls. The company admitted the presence of the “unauthorized code” that could allow an attacker to decrypt VPN traffic.

[“unauthorized code”] “could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections.”

According to The Register, the presence of the unauthorized code could date back to 2008, the experts referred a 2008 notice issued by Juniper’s about a security issued that impacts ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20. ScreenOS 6.2 was released. The Screen OS 6.3 was presented in 2009.

“During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections,” Juniper Chief Information officer Bob Worrall wrote. “Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS.” states the advisory.

The experts explained that there are several releases with numerous versions of the Juniper products and the unauthorized code was only found in some of them.

A separate advisory issued by the company confirm the presence of two separate vulnerabilities in its products, the first one allows unauthorized remote administrative access to an affected device over SSH or telnet, “The second issue may allow a knowledgeable attacker who can monitor VPN traffic to decrypt that traffic,” the advisory said. “It is independent of the first issue. There is no way to detect that this vulnerability was exploited.”

The presence of unauthorized code is disconcerting, one of the most important vendors of security appliances inserted an unauthorized code in a number of its products.

Giving the nature of the code it is difficult to think that the code was accidentally “inserted” in the OS, it is likely that it was used to monitor customers’ confidential communications.

Users urge to update their products, Juniper has issued an out-of-band patch to fix the issue.

Stay Tuned …

Pierluigi Paganini

(Security Affairs – Juniper firewall, unauthorized code)