[SingCERT] Multiple Security Issues with Juniper ScreenOS

Published on Tuesday, 22 December 2015 10:44

[ Background ]

Juniper found two security issues with ScreenOS during an internal code review – one that could allow unauthorised control of the affected system and the other which could allow an attacker to decrypt VPN traffic.

[ Affected Software ]

  • ScreenOS 6.2.0r15 to 6.2.0r18
  • ScreenOS 6.3.0r12 to 6.3.0r20

[ Impact ]

Products or platforms running the affected software could be compromised and VPN traffic could be decrypted.

[ Solution/Workaround ]

Updates are available and administrators are advised to update the affected ScreenOS versions.

[ References ]