Juniper finds VPN decryption code in source: Patch out now

Users of NetScreen devices running ScreenOS 6.2.0r15 to 6.2.0r18, and 6.3.0r12 to 6.3.0r20 should patch their systems immediately, with multiple critical security issues found in ScreenOS.

Juniper has announced that it has found two critical security vulnerabilities in ScreenOS. The first would allow an attacker to decrypt VPN traffic and leave no trace of their actions, while the second allows complete compromise of a device via an unauthorised remote access vulnerability over SSH or telnet.

The company has released patched versions of ScreenOS, which are available now on its download page.

At the time of writing, Juniper said it is not aware of any malicious exploitation using these holes.

The vulnerabilities were found during an internal code review, Juniper chief information officer Bob Worrall said in a forum post.

"Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections," he said.

"At this time, we have not received any reports of these vulnerabilities being exploited; however, we strongly recommend that customers update their systems and apply the patched releases with the highest priority."

The company said it is not aware that its devices running Junos, including SRX, are affected by the issue.

Juniper also revealed that devices running ScreenOS 6.3.0r20 are vulnerable to a remote code execution issue following a system crash triggered by crafted SSH negotiation.

"A crafted SSH negotiation may result in a system crash when ssh-pka is configured and enabled on the firewall. In the worst-case scenario, the unhandled SSH exception resulting in a system crash could lead to remote code execution," the company said in a security advisory.

Juniper announced last month that it had hired Kevin Walker as its new security CTO.