An operating system by Juniper Networks, used to manage firewalls, contained unauthorized code. This poses multiple security threats to any platform or product that is running ScreenOS 6.2.0r18 and 6.3.0r12 through 6.3.0r20.
A security bulletin released by the company stated that the origins of the unauthorized code have yet to be determined, and said it could potentially allow a knowledgeable attacker to obtain administrator access to NetScreen devices, as well as to decrypt VPN connections.
Although Juniper Networks was none the wiser, this issue has been present for years. This could mean that the confidential communications of customers have been monitored and compromised. While it is true that any administrative access would have been recorded in logs, it is still entirely possible for an attacker to skillfully remove any trace of it.
Another concern is that an attacker able to monitor VPN traffic could use the exploit to decrypt the secured traffic, leaving no way of knowing whether the vulnerability has actually been exploited.
Juniper Networks has said that, so far, it has received no reports of these vulnerabilities being exploited. Regardless, the company has advised its customers to update their systems and patch affected firewalls as soon as possible.
The following software releases have been updated to resolve these issues:
In addition, earlier affected releases of ScreenOS 6.3.0 have been revamped in order to resolve these issues. Fixes are included in:
All software affected by these issues has been updated, and can be found at http://www.juniper.net/support/downloads/screenos.html .
A Word from Juniper Networks
“On behalf of the entire Juniper Networks Response Team, please know that we take this matter very seriously and are making every effort to address these issues. More information and guidance on applying this update to systems can be found in the Juniper Security Advisories (JSAs) available on our Security Incident Response website at http://advisory.juniper.net.”