Backdoor in Juniper Firewalls Enables Remote Access

Networking and security company Juniper Networks revealed on Thursday that it has identified a couple of serious vulnerabilities that can be exploited to gain administrative access to some firewalls and decrypt VPN traffic.

According to Juniper CIO Bob Worrall, the company recently conducted an internal code review which led to the discovery of unauthorized code in ScreenOS, the operating system used by Juniper’s NetScreen firewalls.

The unauthorized code introduces a backdoor that can be leveraged to remotely gain administrative access to the device via telnet or SSH. The company has pointed out that such access would normally result in an entry in the log file, but a skilled attacker would likely remove these entries to cover their tracks.

A second, independent vulnerability found in ScreenOS can be exploited by an attacker with access to VPN connections to decrypt VPN traffic.

“At this time, we have not received any reports of these vulnerabilities being exploited; however, we strongly recommend that customers update their systems and apply the patched releases with the highest priority,” Worrall said.

The administrative access vulnerability (CVE-2015-7755) affects products running ScreenOS 6.3.0r17 through 6.3.0r20. The VPN decryption flaw (CVE-2015-7756) impacts ScreenOS versions 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20. The security holes have been patched with the release of ScreenOS 6.2.0r19 and 6.3.0r21. The fixes are also included in versions 6.3.0r12b, 6.3.0r13b, 6.3.0r14b, 6.3.0r15b, 6.3.0r16b, 6.3.0r17b, 6.3.0r18b and 6.3.0r19b.
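The following check is an added example, not part of the original article or of Juniper's advisory: it maps a ScreenOS version string to the CVEs listed above, using only the ranges given in this article. The hostnames in the sample inventory are constructed, and treating any unlisted letter suffix as its base release is an assumption.

```python
import re

# Affected ranges as listed in the article: branch -> (first, last) release, inclusive.
AFFECTED = {
    "CVE-2015-7755": {"6.3.0": (17, 20)},
    "CVE-2015-7756": {"6.2.0": (15, 18), "6.3.0": (12, 20)},
}
# Respins the article names as containing the fixes: 6.3.0r12b through 6.3.0r19b.
PATCHED_RESPINS = {f"6.3.0r{n}b" for n in range(12, 20)}

_VERSION = re.compile(r"(\d+\.\d+\.\d+)r(\d+)([a-z]?)")

def classify(version):
    """Return the CVEs from the article that apply to a ScreenOS version string."""
    v = version.strip().lower()
    m = _VERSION.fullmatch(v)
    if m is None:
        raise ValueError(f"unrecognised ScreenOS version: {version!r}")
    if v in PATCHED_RESPINS:
        return []
    branch, release = m.group(1), int(m.group(2))
    # Assumption: any other letter suffix is treated like its base release,
    # so an unlisted respin is reported as affected rather than silently cleared.
    hits = []
    for cve, ranges in AFFECTED.items():
        first, last = ranges.get(branch, (1, 0))  # empty range for other branches
        if first <= release <= last:
            hits.append(cve)
    return hits

def audit(inventory):
    """Map each flagged host to its CVEs; unparseable versions are flagged too."""
    findings = {}
    for host, version in inventory.items():
        try:
            cves = classify(version)
        except ValueError:
            cves = ["UNPARSEABLE-VERSION"]
        if cves:
            findings[host] = cves
    return findings

# Constructed sample inventory (hostnames and version assignments are made up).
SAMPLE_INVENTORY = {
    "fw-edge-1": "6.3.0r19",
    "fw-edge-2": "6.3.0r19b",
    "fw-branch-1": "6.2.0r16",
    "fw-lab-1": "ScreenOS unknown",
}
```

Hosts whose version string cannot be parsed are reported rather than skipped, so they get a manual check instead of being assumed safe.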

Juniper says there is no evidence that SRX firewalls or other devices running the Junos operating system are impacted.

A Juniper Networks spokesperson told SecurityWeek that the patched releases also address an unrelated SSH bug in ScreenOS that could allow an attacker to conduct DoS attacks against ScreenOS devices. 

It’s worth noting that the earliest versions of ScreenOS containing the unauthorized code were released in 2012. Independent security researcher Adam Caudill and others have spotted a change in the code that could be responsible for enabling the decryption of VPN traffic.

Some speculate that the backdoor could be the work of the U.S. National Security Agency. In December 2013, German news magazine Der Spiegel reported obtaining a document describing tools used by the NSA to compromise routers, servers and firewalls from various vendors. The NSA document, known as the ANT catalog, also mentions Juniper’s NetScreen firewalls in a section describing an implant dubbed “FEEDTROUGH.”

Juniper Networks has refused to comment on the speculation that the backdoors were planted by the NSA.

*Updated with additional information from Juniper regarding the DoS vulnerability. Also updated to state that the company is not commenting on the speculation.

*UPDATE2. Juniper has updated its advisory to say that separate CVE identifiers have been assigned for each vulnerability. The list of affected ScreenOS versions has also been revised.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
