juniper-screenos
Juniper ScreenOS firmware contained unauthorized backdoors
Juniper disclosed on 2015-12-17 that unauthorized code had been found in official ScreenOS firmware shipped on NetScreen firewalls. The code tracked as CVE-2015-7755 added a hardcoded master password (`<<< %s(un='%s') = %u`) that granted administrative SSH/Telnet access to any device. The code tracked as CVE-2015-7756 weakened the Dual_EC_DRBG random number generator by replacing the Q parameter, enabling passive decryption of VPN traffic by anyone holding the corresponding private key. The malicious code is believed to have been present since 2012 (in 6.2.0r15 and later, and 6.3.0r12 and later) and is widely attributed to a nation-state actor, possibly building on a pre-existing NSA-influenced backdoor.
- Date: 2012-09-01 to 2015-12-17
- Category: Commercial
- Target Surface: Other
- Insertion Phase: source
- Impact: Backdoor
- Cause: Source code compromise
What Was Affected
Compromised Versions
- ScreenOS 6.2.0r15 - 6.2.0r18
- ScreenOS 6.3.0r12 - 6.3.0r20
Incident Context
- Motive: Espionage
- Attribution: Nation-state
- Transitive: No
- Observed Duration: 1202 days
External References
- supportportal.juniper.net/s/article/2015-12-Out-of-Cycle-Security-Bulletin-ScreenOS-Multiple-Security-issues-with-ScreenOS-CVE-2015-7755-CVE-2015-7756
- wired.com/2015/12/researchers-solve-the-juniper-mystery-and-they-say-its-partially-the-nsas-fault
- blog.fox-it.com/2015/12/20/deepdive-into-cve-2015-7755-juniper-screenos-authentication-backdoor
- kb.cert.org/vuls/id/640184
Source Data
Source record: proprietary/juniper-screenos/meta.yaml