Router maker finds ‘unauthorised’ code – Juniper
Juniper Networks has issued a warning after discovering “unauthorised code” in its firewall software.
Analysis of the rogue code shows that it can decrypt scrambled data being sent through virtual private networks.
In a security advisory, the internet hardware maker said whoever wrote the code would be able to use it to spy on encrypted conversations.
Juniper has released patches to strip the code out of its firewall software and urged customers to apply them.
The code was found in Juniper’s ScreenOS software with which many large firms using its hardware keep an eye on data traffic entering and exiting their networks.
Juniper’s routers and network switches are widely used in ISPs and by many large corporates.
An internal code review revealed that ScreenOS was harbouring the unwanted passenger, said the firm. No information was given about where the code came from or how it found its way into the firewall’s core software.
The range of products affected suggests that the extra software has been lurking inside different versions of ScreenOS since 2012.