Juniper Networks announced yesterday that they had released an emergency fix after discovering "unauthorized code "in ScreenOS, the operating system of its NetScreen firewall, which could allow" a skilled attacker to gain administrative access to NetScreen devices and decrypt VPN connections. "Juniper Networks provides services that are used by the government the United States as well as private companies.
a blog on the Juniper website said that the revision of the internal code revealed vulnerabilities. Adding that "All NetScreen ScreenOS 6.2.0r15 by using 6.2.0r18 and 6.3.0r12 by 6.3.0r20 are affected by these problems and require patching. We strongly recommend that all customers update their systems and apply these versions patched with the highest priority. "
While so far they say they have not received any reports of incidents where these vulnerabilities were exploited, Juniper strongly recommends applying the update as soon as possible.
We wanted to make our customers aware of this vulnerability, and we recommend that anyone using Juniper to complete the update as soon as possible.
the discovery of the "secret code" in the Juniper system also illustrates the dangers of encryption backdoors the US government does not cease to grow. As noted in Wired: "This is a great showcase for why governments backdoors are really something should not have these types of devices, because at some point it will turn against." This code was a "backdoor" itself, and may have allowed hackers to take control of the system and decrypt the encrypted traffic running through the VPN on Juniper firewalls. Forbes also reinforces this point.
Additional information on the application of the update is available on the website response to Juniper security incidents.
0 Komentar