Jumping Juniper Batman. To the Batmobile

 In ITC's Threat of the Week

Christmas has come early for users of Juniper’s Netscreen/ScreenOS firewalls in the form of two absolutely monster vulnerabilities.

The first affects ScreenOS versions 6.3.0r17 through 6.3.0r20 and is the unbelievable news that there is a backdoor password that allows full administrative access to the device.

The password which is cunningly disguised in the code to look like a piece of debugging is:

<<< %s(un=’%s’) = %u.

This password works with any username – eeek.

Juniper has released a patch which is located here.

We don’t have to tell you that you had best get this done faster than a speeding bullet.

The second Juniper, ahem, ‘issue’ is the discovery of code on the very same devices which affects release ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20. This very nasty piece of seriously advanced work allows an attacker to decrypt VPN sessions and retrieve the data.

You heard that correct – you can log in to NetScreen firewalls with a backdoor password and furthermore decrypt VPN sessions. What is more, this has been doable for ages. No need to panic, actually that’s a lie, this should prod even the most belligerent sysadmin into action.

Again the presumably very busy folk at Juniper have released a patch, which is detailed in the very same advisory above.

The good news is that Juniper’s code review cycle discovered these mysterious pieces of code. The question remains: How did they get there?

There are two working theories, both completely credible.

Theory 1 – A top secret NSA plan to decrypt data, as leaked by Mr Snowden, which has an actual slide claiming to be able to do this. Although the dates don’t quite match, this is not an unreasonable hypothesis.

Theory 2 – NetScreen was a Chinese product acquired by Juniper, who then went on to set up a dev operation in ermm, that’s right! China. What could possibly go wrong?

Whatever the root cause, this is a nightmare scenario for Juniper, whose share price is doing the predictable.

Obviously we recommend that if you have NetScreens that you patch them immediately and in the longer term, it is essential that you review the use of security technology from Juniper. You really have to reconsider.

If you would like any advice about these issues, or would like to discuss your security strategy (specifically in terms of product selection) going forwards, do contact us at: 020 7517 3900 or [email protected].

Ho, Ho Ho and a very Happy Christmas from all of us at ITC.

Author: Kevin Whelan

Recent Posts

Leave a Comment

Tel:
+44 (0) 20 7517 3900

 

Contact ITC Secure

If you have a question, request, comment or requirement, please send us an email now and we will get back to you by return

totw