Critical ScreenOS bugs allow undetectable decryption of VPN connections, device hijacking

New WAF attack timelines show the start and end of a threat.
No more logs. See how →

Juniper Networks has discovered and patched a critical, high-impact vulnerability affecting ScreenOS on its NetScreen devices, and is advising customers to update their systems “with the highest priority.”

“During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections,” Juniper CIO Bob Worrall explained in a post.

The vulnerability (CVE-2015-7755) actually consists of two issues: one that allows unauthorized remote administrative access to the device over SSH or telnet (and can lead to complete compromise of the affected system), and one that allows a knowledgeable attacker to decrypt encrypted VPN traffic.

Worrall noted that they have not received any reports of these vulnerabilities being exploited, but in the advisory they said that there is a way for an attacker to remove evidence that the targeted device had been compromised, and that there is no way to detect that the second issue has been exploited.

The flaw affects all NetScreen devices using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20.

“These vulnerabilities are specific to ScreenOS. We have no evidence that the SRX or other devices running Junos are impacted at this time,” Worrall added.

More information and instructions on how to applying the updates can be found in this security bulletin.

Are you protecting your users and sensitive O365 data from being leaked? Learn how Specops Authentication for O365 can help.