Juniper have just released a product security alert regarding their NetScreen / ScreenOS devices. During an audit, it was discovered that their source code was compromised and an unknown attacker planted a backdoor within the firewall code.
The backdoor permitted:
1. Unauthenticated remote administrative access over SSH or telnet.
2. IPSec VPN traffic decryption (possibly by leaking private keys to the attacker).
Detailed information can be found in JSA10713.
Am I vulnerable?
The ScreenOS firmware was compromised in August 2012.
Only ScreenOS versions 6.2.0r15 to 6.2.0r18 and 6.3.0r12 to 6.3.0r20 are known to contain the backdoor. If you are running a version below these releases, dating from before August 2012, then your network should be secure. Juniper recommends that anyone using the affected firmware versions upgrade immediately.
Fixes are included in: 6.3.0r12b, 6.3.0r13b, 6.3.0r14b, 6.3.0r15b, 6.3.0r16b, 6.3.0r17b, 6.3.0r18b, 6.3.0r19b
CVE-2015-7755 has been assigned for this issue.
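To triage a fleet against the version ranges and fix list above, the check can be scripted. This is an added example, not Juniper's tooling; the version-string format, the status labels and the sample hostnames are assumptions.

```python
import re

# Affected ranges and fixed builds exactly as listed in the post above.
AFFECTED = {
    (6, 2, 0): range(15, 19),   # 6.2.0r15 .. 6.2.0r18
    (6, 3, 0): range(12, 21),   # 6.3.0r12 .. 6.3.0r20
}
FIXED = {f"6.3.0r{n}b" for n in range(12, 20)}  # 6.3.0r12b .. 6.3.0r19b

# Assumed format: major.minor.patch "r" release, optional letter suffix.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)r(\d+)([a-z]?)$")


def classify(version):
    """Return 'fixed', 'affected', 'not-listed' or 'unparsed'."""
    v = version.strip().lower()
    m = VERSION_RE.match(v)
    if not m:
        return "unparsed"          # never silently treat as safe
    if v in FIXED:
        return "fixed"
    train = tuple(int(x) for x in m.group(1, 2, 3))
    release = int(m.group(4))
    # A suffixed build that is not on the fix list is judged by its base
    # release, so e.g. an unknown "6.3.0r20x" is still flagged.
    if release in AFFECTED.get(train, ()):
        return "affected"
    return "not-listed"


def triage(inventory):
    """Map each (hostname, version) pair to its classification."""
    return {host: classify(ver) for host, ver in inventory}


# Constructed sample inventory (hostnames are made up).
SAMPLE = [
    ("fw-edge-01", "6.3.0r17"),
    ("fw-edge-02", "6.3.0r17b"),
    ("fw-branch-03", "6.2.0r15"),
    ("fw-branch-04", "6.2.0r14"),
    ("fw-lab-05", "ScreenOS unknown"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:14} {status}")
```

"not-listed" only means the version falls outside the ranges named in this post; "unparsed" entries need a manual look.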
This is a timely reminder to employ "defence in depth" techniques, such as installing layered firewalls from different vendors, to protect your internal assets in the event one is defeated.
Have a safe and relaxing holiday season,