Juniper finds backdoors in enterprise firewalls

Network equipment vendor Juniper has issued an urgent security alert for its Netscreen range of enterprise firewalls, after discovering "unauthorised code" in the device operating system that allows them to be fully compromised.

According to Juniper chief information officer Bob Worrall, the code was discovered during an internal review of the ScreenOS operating system for the Netscreen firewalls.

One vulnerability could be triggered to permit an attacker to log in via Secure Shell or telnet connections, and gain administrative privileges on Netscreen firewalls. 

A second, separate vulnerability lets attackers decrypt and intercept virtual private networking connections unnoticed.

Juniper has issed a patch for ScreenOS, with all Netscreen devices running version 6.2.0r15 to 6.2.0.r18 are affected by the serious vulnerability. ScreenOS versions 6.3.0.r12 to 6.3.0.r20 are also affected, Worrall said.

This means the backdoors have been in the devices at least since 2012, possibly longer.

Worrall urged customers to patch as soon as possible, "with the highest priority".

He did not say if Juniper had identified the person or organisation that had inserted the unauthorised code into ScreenOS.

Juniper has not received any reports of the vulnerabilities being exploited, the vendor said, but warned that skilled attackers would likely remove any log entries revealing unauthorised access. It also said the second vulnerability was undetectable.

A third, unrelated issue in ScreenOS has also been patched - it affects ScreenOS 6.0.r20 and can be exploited with a specially crafted SSH negotiation that can cause a system crash if private key authentication is enabled on the Netscreen firewall.

The system crash can be exploited to remotely execute arbitrary code, Juniper warned.