Juniper discovers 'unauthorised code' on ScreenOS

Juniper has announced that is has discovered ‘unauthorised code’ on ScreenOS security operating systems. The code was discovered as part of a full code review, and the company claims knowledgeable people could decrypt traffic on VPN tunnels on their Netscreen devices.

Furthermore, although Juniper will not confirm, the ‘unauthorised code’ could have been present since 2008 due to the OS version said to be affected. The earliest version affected is ScreenOS, 6.2 which was released back in 2008.

Juniper’s statement was brief: “During a recent internal code review, Juniper discovered unauthorised code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections. Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS.

"At this time, we have not received any reports of these vulnerabilities being exploited; however, we strongly recommend that customers update their systems and apply the patched releases with the highest priority.”

Because this is not just a zero-day exploit there is suspicions that this could well have arisen from an internal SNAFU where rejected code failed to be removed from production OS. This would be extremely bad news for Juniper but certainly much better than the alternative, which is someone deliberately sneaking the code into the Juniper OS in order to do some snooping on known Juniper customers.

The latter could even point to Nation State level actors. Whatever the source of the code, this will be damaging to Juniper as it has had unauthorised code on its production systems, potentially for years, which allowed customers’ confidential information to be monitored.

Image source: Shutterstock/McIek