Juniper Networks Backdoor Password Discovered - Update Your Firmware...

Certain Juniper network devices had code creating a backdoor password. Signs point to foreign or domestic spying agency purposefully inserting this code. It may have been around for many years. You may want to check your device model/firmware and update if necessary...

Administrative Access (CVE-2015-7755) allows unauthorized remote administrative access to the device. Exploitation of this vulnerability can lead to complete compromise of the affected device.

This issue only affects ScreenOS 6.3.0r17 through 6.3.0r20. No other Juniper products or versions of ScreenOS are affected by this issue.

Description of the issue.

Solution.


The Juniper situation is a fiasco. Anytime serious people are asking 'Did the Chinese government do it?', 'Did the US government do it?', 'Did both of those governments do it one after the other?' you know you have a serious problem.

Embarrassing lack of coordination between two supposed leaders in cyber warfare. ;)