Archive for December, 2015

screenos vulnerable

Sunday, December 20th, 2015

During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen® devices and to decrypt VPN connections. Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS.

Juniper are to be commended for taking code reviews seriously enough to find major security vulnerabilities. This is still a major concern, though: the choice of words, specifically “unauthorized code,” suggests this was no unintentional defect.