Categories
privacy security

Unauthorized code in Juniper ScreenOS allows for administrative access

This is bad. Juniper is a major network equipment provider and a backdoor like this could lead to huge security compromise.

During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen® devices and to decrypt VPN connections. Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS.

Source: Important Announcement about ScreenOS® – J-Net Community

Update (2015-12-20): It could be a state-sponsored attack.