Juniper warns of two attacks of 'unauthorised code' on its routers
Juniper has found 'unauthorised code' in its NetScreen products which allows hackers to abduct and decode VPN traffic. Another issue allows unauthorised remote administrative access to the device via SSH or telnet, allowing attackers to compromise the affected system.
The Administrative Access flaw, CVE-2015-7755, affects ScreenOS 6.3.0r17 through 6.3.0r20.The VPN decryption flaw, CVE-2015-7756, only affects users with NetScreen devices using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20.
The company advised that in the past, an unauthorised group added code to its ScreenOS firmware. After identifying the vulnerabilities, Juniper launched an investigation with the US FBI and worked to build and issue patches for the latest versions of ScreenOS.
Juniper pointed out that, “Upon exploitation of this vulnerability, the log file would contain an entry that ‘system' had logged on followed by password authentication for a username,” and also noted that, “a skilled attacker would likely remove these entries from the local log file, thus effectively eliminating any reliable signature that the device had been compromised.”
It also advised that, “There is no way to detect that this vulnerability was exploited.”