Skip to main content

Cisco reviews its code following the Juniper flaw discoveries

Cisco has conducted an investigation into its internal code, following the discovery of a security flaw in Juniper Networks' virtual private network (VPN).

It is feared that the flaw might have exposed government private data to hackers, state-sponsored groups and foreign spies. Cisco said it has found no unauthorized code in its products.

"We have seen none of the indicators discussed in Juniper’s disclosure. Our products are the result of rigorous development practices that place security and trust at the fore. They also receive continuous scrutiny from Cisco engineers, our customers, and third party security researchers, contributing to product integrity and assurance,” Cisco’s Anthony Grieco wrote in a blog post on Monday.

The company also added that the investigation was not forced upon it by law enforcement agencies or anyone else.

The discovery of the security flaws in Juniper’s VPN caused quite the stir, with the FBI getting involved. It is being suspected that a state-sponsored group might have injected the malicious code into the VPN, but no fingers have been pointed yet. Of course, China and Russia are the main suspects, but the US government was also not excluded.

One U.S. official described it as akin to "stealing a master key to get into any government building."

A senior administration official told CNN, "We are aware of the vulnerabilities recently announced by Juniper. The Department of Homeland Security has been and remains in close touch with the company. The administration remains committed to enhancing our national cybersecurity by raising our cyber defenses, disrupting adversary activity, and effectively responding to incidents when they occur."