Incident Response, TDR, Vulnerability Management

Juniper confirms leaked “NSA exploits” affect its firewalls, no patch released yet

Juniper confirmed exploits leaked by the Shadow Brokers group appear to affect its firewalls, but has not yet patched the vulnerabilities.

The firewall manufacturer is “investigating the recent release of files reported to have been taken from the so-called Equation Group,” Juniper's security incident response manager Derrick Scholl wrote in a corporate blog post.

Juniper identified an exploit affecting its NetScreen firewall devices that run on the ScreenOS operating system. Initial analysis of the exploit “indicates it targets the boot loader and does not exploit a vulnerability on ScreenOS devices,” Scholl wrote in the post.

On Tuesday, Ixia's application and threat intelligence unit discovered an exploit that targets Watchguard Firewalls, according to Steve McGregory, senior director of the ATI group said in emailed comments to Four of the exploits affect TopSec firewalls, primarily used in China, he added.

A week ago, Cisco and Fortinet confirmed that exploits affect their firewall products. Both companies issued patches last Wednesday. The files posted by Shadow Brokers “included exploit code that can be used against multi-vendor devices, including the Cisco ASA and legacy Cisco PIX firewalls,” Cisco wrote last Wednesday. The exploits have been linked to the Equation Group, a group that has been linked to the National Security Agency (NSA). 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.