Subscriber Discussion

Juniper Networks Backdoor Password Discovered - Update Your Firmware...

UM
Undisclosed Manufacturer #1
Dec 23, 2015

Certain Juniper network devices had code creating a backdoor password. Signs point to foreign or domestic spying agency purposefully inserting this code. It may have been around for many years. You may want to check your device model/firmware and update if necessary...

Administrative Access (CVE-2015-7755) allows unauthorized remote administrative access to the device. Exploitation of this vulnerability can lead to complete compromise of the affected device.

This issue only affects ScreenOS 6.3.0r17 through 6.3.0r20. No other Juniper products or versions of ScreenOS are affected by this issue.

Description of the issue.

Solution.

(1)
JH
John Honovich
Dec 23, 2015
IPVM

The Juniper situation is a fiasco. Anytime serious people are asking 'Did the Chinese government do it?', 'Did the US government do it?', 'Did both of those governments do it one after the other?' you know you have a serious problem.

U
Undisclosed #2
Dec 23, 2015
IPVMU Certified

Embarrassing lack of coordination between two supposed leaders in cyber warfare. ;)

(2)
New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions