Government Agencies probed over use of backdoored Juniper equipment

The U.S. House Oversight and Government Reform Committee is probing US Government Agencies over use of backdoored Juniper equipment.

A number of US Government Agencies are concerned about the use of Juniper firewalls affected by the recently uncovered backdoor.

The U.S. House Oversight and Government Reform Committee has sent letters to dozens of government agencies and departments asking more information about the use and patching of vulnerable Juniper Networks solutions.

The list of recipients includes the Securities and Exchange Commission (SEC), the Secretary of Agriculture, GSA, the Secretary of Commerce, the Secretary of Labor, the Department of Energy, Veterans Affairs, the Environmental Protection Agency (EPA), the Treasury Secretary, the United States Agency for International Development (USAID), the Department of the Interior, the Department of Transportation, and the Department of Education.

It is crucial for the U.S. House Oversight and Government Reform Committee understand how the Government agencies used the backdoored systems, whether any vulnerable devices were used, which data they managed.

In December 2015, an “unauthorized code” was discovered in the operating system for Juniper NetScreen firewalls. The company admitted the presence of the “unauthorized code” that could allow an attacker to decrypt VPN traffic.

The presence of the unauthorized code could date back to 2008, the experts referred a 2008 notice issued by Juniper’s about a security issued that impacts ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20. ScreenOS 6.2 was released. The Screen OS 6.3 was presented in 2009.

“During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections,” Juniper Chief Information officer Bob Worrall wrote. “Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS.” states the advisory.

The experts explained that there are several releases with numerous versions of the Juniper products and the unauthorized code was only found in some of them. Later, security researchers confirmed the presence of two vulnerabilities that can be respectively exploited to remotely gain administrative access to a device via telnet or SSH (CVE-2015-7755) and to decrypt VPN traffic (CVE-2015-7756).

Many experts speculate the involvement of the NSA, one of the documents leaked by Edward Snowden and disclosed by the German Der Spiegel revealed that the US intelligence had the ability to plant a backdoor in various network equipment, including Juniper firewalls.

The U.S. House Oversight and Government Reform Committee requests the Government agencies to audit their use of Juniper ScreenOS firewalls, the deadline is February 4.

The Committee urges to know the measures adopted by IT staff to address the vulnerabilities.

Stay Tuned!

Pierluigi Paganini

(Security Affairs – Juniper, backdoor)