Juniper Networks, a networking equipment maker, announced this week the spying code it found planted in some of the models of its firewalls.
Accordingly, there is a malicious code inside the products such as the running ScreenOS, an operating system of Juniper that runs several of the company’s appliances. The ScreenOS act as firewalls and enable Virtual Private Networks (VPNs). The vulnerabilities are apparently found out during a review conducted by the company, according to the blogpost by Bob Worral, SVP Chief Information Officer of the company on December 17.
"During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen® devices and to decrypt VPN connections. Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS."
The company recommends that customers to update their systems and apply the patched releases with the highest priority.
In the latest update on December 20, it was found out that he number of versions of ScreenOS® affected by each of the issues is more limited than originally believed. According to the post of the company, Administrative Access (CVE-2015-7755) only affects ScreenOS 6.3.0r17 through 6.3.0r20, and VPN Decryption (CVE-2015-7756) only affects ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20.
Juniper denied the allegations that it has something to do with the vulnerabilities.
“As we’ve stated previously, Juniper Networks takes allegations of this nature very seriously,” a company spokesperson told Forbes, according to an article on Top Tech News. “To be clear, we do not work with governments or anyone else to purposely introduce weaknesses or vulnerabilities into our products.
What do you think about the spying code on the firewall of Juniper products? Who could have installed it?
