Juniper Networks discovers "unauthorized" code that decrypts encrypted VPN traffic

Shawn Knight


Networking provider Juniper Networks has released an emergency patch to remedy what appears to be an intentional backdoor into many of its products.

Juniper Chief Information Officer Bob Worrall said that during a recent internal code review, the company found "unauthorized code" in ScreenOS that could allow a knowledgeable attacker to gain admin access to NetScreen devices and to decrypt VPN connections.

The company said NetScreen devices using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 are affected and require immediate patching. Worrall said that once they identified the issue, they launched an investigation and set about developing and issuing a patched version of ScreenOS.

Juniper Networks added that they have not received any reports of the vulnerabilities being exploited in the wild (nor should they expect to). The obvious question is, how did the nefarious code get into the software to begin with? Was it a rogue employee on a power trip or did a government agency have something to do with it?

As Ars Technica points out, an article published by Der Spiegel a few years back references an NSA operation targeting Juniper firewalls that gave the agency backdoor access. Said operation, dubbed FEEDTROUGH, was described as malware that could get into Juniper firewalls and even survive software upgrades.

Conveniently enough, Juniper doesn't mention how it thinks the code might have come into play.
