Juniper, during a routine internal code review, discovered unauthorized “backdoor” code in ScreenOS, the operating system that runs its firewall and VPN appliances for data center, large enterprise, and carrier networks.
An attacker who knows the code is there can use it to gain administrative access to devices running ScreenOS and to decrypt VPN connections, Juniper senior VP and CIO Bob Worrall wrote in a security advisory issued Thursday. The advisory treats these as two separate problems: one that grants unauthorized administrative access to the device, and one that allows VPN traffic passing through it to be decrypted.
Juniper is one of the largest networking technology vendors for data centers and carriers.
The company issued patches along with the advisory and recommended that customers running ScreenOS versions 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 apply them “as soon as possible.” The Register noted that the affected branches date back to 2008, the year ScreenOS 6.2 came out; the affected range, however, starts at maintenance release r15 of that branch rather than at the initial 6.2.0 release, so the code need not have been present for the whole of that period.
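The affected ranges above are the thing an operator most needs to act on, so here is an added example, not part of the article or of any Juniper tooling, that parses ScreenOS version strings and triages an inventory against those two ranges. The version-string pattern (a core `major.minor.patch r release`, an optional letter suffix, an optional `.build`) and the sample inventory are assumptions made for the example; the only facts taken from the page are the two inclusive ranges.

```python
import re
from typing import NamedTuple, Optional

# Inclusive affected ranges, exactly as the advisory is quoted in the article.
# Each entry is ((major, minor, patch, release) low, (...) high).
AFFECTED_RANGES = (
    ((6, 2, 0, 15), (6, 2, 0, 18)),
    ((6, 3, 0, 12), (6, 3, 0, 20)),
)

# Assumed format: "6.3.0r19" or "6.3.0r19.0", with an optional letter suffix
# after the release number. The pattern is this example's assumption, not
# something the advisory specifies.
_VERSION_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)"
    r"r(?P<release>\d+)(?P<suffix>[a-z]*)(?:\.(?P<build>\d+))?$",
    re.IGNORECASE,
)


class ScreenOSVersion(NamedTuple):
    major: int
    minor: int
    patch: int
    release: int
    suffix: str            # letter suffix after the release number, "" if none
    build: Optional[int]   # trailing ".N" build number, None if absent

    @property
    def key(self):
        """The numeric part used for range comparison."""
        return (self.major, self.minor, self.patch, self.release)


def parse_version(text: str) -> ScreenOSVersion:
    """Parse a version string such as '6.3.0r12' or '6.2.0r18.0'.

    Raises ValueError on anything that does not look like a ScreenOS version,
    so a garbled inventory entry is reported instead of silently passing.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a ScreenOS version string: {text!r}")
    return ScreenOSVersion(
        int(m["major"]), int(m["minor"]), int(m["patch"]), int(m["release"]),
        m["suffix"].lower(), int(m["build"]) if m["build"] else None,
    )


def is_affected(text: str) -> bool:
    """True if the numeric version falls inside one of the advisory's ranges.

    A letter suffix is deliberately ignored: the article lists only numeric
    ranges, so anything inside them is flagged and the operator confirms the
    exact build against the advisory rather than trusting a suffix.
    """
    v = parse_version(text).key
    return any(low <= v <= high for low, high in AFFECTED_RANGES)


def triage(inventory):
    """Map hostname -> 'affected' / 'not listed' / 'unparseable'.

    'not listed' means outside the quoted ranges, not proven safe: a version
    older than the affected branches may simply be unsupported.
    """
    result = {}
    for host, ver in inventory.items():
        try:
            result[host] = "affected" if is_affected(ver) else "not listed"
        except ValueError:
            result[host] = "unparseable"
    return result


# Constructed sample inventory for the example; these are not real devices.
SAMPLE_INVENTORY = {
    "fw-dc1-edge": "6.3.0r12.0",
    "fw-dc1-core": "6.3.0r21.0",
    "vpn-branch-7": "6.2.0r18",
    "fw-legacy": "6.2.0r14",
    "fw-lab": "5.4.0r3",
    "fw-typo": "six.three",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:14} {SAMPLE_INVENTORY[host]:12} {status}")
```

The range check compares tuples, so a version such as 6.3.0r21 sorts above the upper bound and is not flagged, while an entry that fails to parse is surfaced as its own category instead of being dropped from the report.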
Companies put these firewalls at their network boundaries to keep intruders out, and rely on the VPN function to encrypt the connections that authorized staff make into their systems over public networks. A backdoor in both functions means the device meant to enforce the perimeter could instead hand an attacker administrative control of it and the plaintext of the traffic it was supposed to protect, which is why the flaws Juniper has identified potentially amount to gaping holes in the security of many of its customers.
At this point, Juniper doesn’t know when or how the unauthorized code ended up in the software, according to Worrall, who also said there is no evidence that anyone has exploited the vulnerabilities.
The list of potential scenarios is long. Close to the top of it, however, is the possibility that the backdoors were introduced by the NSA or a foreign spy agency.
Among Edward Snowden’s disclosures was one about an NSA program through which the agency could intercept Cisco products in transit to customers and install backdoors in them. Another NSA program, called FEEDTROUGH, was reportedly built to covertly implant Juniper firewalls so that other NSA software could then be loaded onto the vendor’s customers’ equipment. Neither report says anything about this particular code, and Juniper has not attributed it to anyone.