Juniper Networks Shortens ScreenOS Threat List

Juniper on Sunday informed customers that recent security threats to its ScreenOS weren’t as widespread as initially believed.

The company last week issued an alert following its discovery in ScreenOS of unauthorized code that could allow an attacker to gain administrative control of devices using Netscreen (Administrative Entry) or to decrypt a virtual private network (VPN Decryption).

The two issues are unrelated to each other, according to the company.

Juniper initially advised all customers that the Administrative Entry code affected ScreenOS 6.30r12 through 6.30r20, and that the VPN Decryption code affected ScreenOS 6.20r15 through 6.20r18, and it advised users to patch their systems.

“As soon as we recognized these vulnerabilities, we launched an investigation into the matter and labored to develop and situation patched releases for the newest variations of ScreenOS,” noted Bob Worrall, senior vice chairman and chief data officer.

That investigation led Juniper to narrow the list of affected versions.

“Administrative Entry … solely impacts ScreenOS 6.3.0r17 by 6.3.0r20,” Worrall wrote in Sunday’s update. “VPN Decryption … solely impacts ScreenOS 6.2.0r15 by 6.2.0r18 and 6.3.0r12 by 6.3.0r20.”

“We strongly suggest that each one prospects replace their programs and apply these patched releases with the best precedence,” he added.

Juniper had not received any notifications of exploitation of the vulnerabilities when it issued its original alert last week, and as of Monday, it had nothing further to share on the security issues, spokesperson Danielle Hamel told TechNewsWorld.

NSA Suspicions

Because the vulnerabilities are reminiscent of the disclosures whistleblower Ed Snowden made about NSA methods to gain unauthorized access to various networking systems, questions have surfaced about whether the unauthorized code could be connected to backdoor government surveillance.

“The NSA ANT catalogue has detailed capabilities on penetrating Juniper firewalls and so they have spent appreciable effort and time constructing custom-made capabilities for a number of enterprise firewall distributors,” Safety Lead Ian Trump told TechNewsWorld.

Juniper declined to respond to TechNewsWorld’s specific questions about the timing of its discovery of the latest vulnerabilities, but the company vehemently denied working with government officials to install code that could exploit its own systems.

“As we have said beforehand, Juniper Networks [takes] allegations of this nature critically,” said spokesperson Hamel. “To be clear, we don’t work with governments or anybody else to purposefully introduce weaknesses or vulnerabilities into our merchandise.”

The company “constantly operates with the best of moral requirements” and is committed to “sustaining the integrity, safety and assurance” of its products, she said.

Juniper previously investigated reports published in Germany’s Der Spiegel, which suggested that the NSA might be using “software program implants” to exploit vulnerabilities in its BIOS.

Release notes from the company appear to show the affected ScreenOS flaws date back to at least 2012.

Open Source Solution?

“We do not know whether or not the offender on this occasion is the NSA or another state-based actor, however it’s clear that the community tools suppliers are targets — typically willingly, typically not,” said Eli Dourado, analysis fellow and director of the Know-how Coverage Program at George Mason College’s

Moving more of the code that runs the heart of the network to an open source model could prevent this type of intrusion, he said — and in fact, he made that proposal in a 2013 New York Times essay, following Snowden’s revelations about NSA surveillance practices.

“With extra eyeballs on the code, we could possibly discourage a few of these hacking makes an attempt and higher detect those that aren’t deterred,” Dourado explained.

The potential impact on Juniper’s customer base likely will be short term, said Avivah Litan, vice chairman and distinguished analyst at .

“I feel it is protected to imagine each community know-how firm has had its know-how compromised by some authorities, and I feel most CIOs notice that,” she told TechNewsWorld. “Juniper is not any completely different than others in that regard.”