Juniper Networks issued a security warning and patches centered on its ScreenOS firewall management software to eliminate illicit code that could lead to an attacker gaining administrative control to the company's NetScreen devices.
Bob Worrall, Juniper's senior vice president and chief information officer, wrote the unauthorized code was detected during an internal audit, which led to the updating of the ScreenOS software. The malicious code could also have allowed a hacker to decrypt VPN connections, he said.
“At this time, we have not received any reports of these vulnerabilities being exploited; however, we strongly recommend that customers update their systems and apply the patched releases with the highest priority,” he said.
The products affected are NetScreen devices using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20.