News: It will allow attackers to decrypt VPN connections.
Network equipment maker Juniper's ScreenOS software is reportedly running unauthorised, suspicious code that could allow an attacker to gain administrative access to NetScreen devices, the company said.
According to a post by Juniper Networks' SVP Chief Information Officer Bob Worrall, the code would permit decryption of VPN connections.
The company said that it has identified two independent issues relating to the unauthorised code.
The first issue allows unauthorised remote administrative access to the device over SSH or telnet, which will compromise the affected system. The second issue may allow an attacker who knows how to monitor VPN traffic to decrypt that traffic.
The company said: "Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS.
"At this time, we have not received any reports of these vulnerabilities being exploited; however, we strongly recommend that customers update their systems and apply the patched releases with the highest priority."
Juniper has released patches and has recommended that users update their systems and apply the patched releases.
The company also said that the vulnerabilities are specific to ScreenOS, and that it is not aware that the SRX or other devices running Junos are impacted at this time.