[SingCERT] Multiple Security Issues with Juniper ScreenOS

Published on Tuesday, 22 December 2015 10:44

[ Background ]

Juniper found two security issues with ScreenOS during an internal code review – one that could allow unauthorised control of the affected system and the other which could allow an attacker to decrypt VPN traffic.

[ Affected Software ]

  • ScreenOS 6.2.0r15 to 6.2.0r18
  • ScreenOS 6.3.0r12 to 6.3.0r20

[ Impact ]

Products or platforms running the affected software could be compromised and VPN traffic could be decrypted.

[ Solution/Workaround ]

Updates are available and administrators are advised to update the affected ScreenOS versions.

[ References ]

http://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713&cat=SIRT_1&actp=LIST