m2pc writes: Ars Technica reports that Juniper Networks firewalls have been discovered to include “unauthorized code” inserted into their ScreenOS software. Juniper has has published an advisory addressing the matter, with instructions to patch the affected devices. From the Ars article: “NetScreen firewalls using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 are affected and require immediate patching. Release notes published by Juniper suggest the earliest vulnerable versions date back to at least 2012 and possibly earlier. … The first flaw allows unauthorized remote administrative access to an affected device over SSH or telnet. Exploits can lead to complete compromise. ‘The second issue may allow a knowledgeable attacker who can monitor VPN traffic to decrypt that traffic, ‘ the advisory said.” The rogue code was discovered during a recent internal source code review conducted by Juniper. Read more of this story at Slashdot.
View original post here:
‘Unauthorized Code’ In Juniper Firewalls Could Decrypt VPN Traffic