Reference CERT-EU-SA2015-825 Title: JUNIPER multiple security issues with ScreenOS (CVE-2015-7755) Short Summary -------------- During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections. Systems affected ----------------- These vulnerabilities are specific to ScreenOS. Juniper has no evidence that the SRX or other devices running Junos are impacted at this time. All NetScreen devices using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 are affected by these issues and require patching. Impact ------- Unauthorized remote administrative access to the device over SSH or Telnet and the ability to monitor and decrypt VPN traffic. Description ------------ During an internal code review, Juniper has identified two security issues: The first issue allows unauthorized remote administrative access to the device over SSH or Telnet. Exploitation of this vulnerability can lead to complete compromise of the affected system. Upon exploitation of this vulnerability, the log file would contain an entry that system had logged on followed by password authentication for a username. It's possible that the attacker can remove these entries from the log file, thus effectively eliminating any reliable signature that the device had been compromised. The second issue may allow a knowledgeable attacker who can monitor VPN traffic to decrypt that traffic. It is independent of the first issue. There is no way to detect that this vulnerability was exploited. Solutions ---------- The Juniper SIRT strongly recommends upgrading to a fixed release (see below) to resolve these critical vulnerabilities. No workaround exists for these issues. The following software releases have been updated to resolve these specific issues: ScreenOS 6.2.0r19, 6.3.0r21, and all subsequent releases. Additionally, earlier affected releases of ScreenOS 6.3.0 have been modified to resolve these issues. Fixes are included in: 6.3.0r12b, 6.3.0r13b, 6.3.0r14b, 6.3.0r15b, 6.3.0r16b, 6.3.0r17b, 6.3.0r18b, 6.3.0r19b Additional References ----------------------- [1] 2015-12 Out of Cycle Security Bulletin: ScreenOS: Multiple Security issues with ScreenOS (CVE-2015-7755) http://kb.juniper.net/InfoCenter/index?page=3Dcontent&id=3DJSA= 10713&cat=3DSIRT_1&actp=3DLIST [2] Juniper Announcement about ScreenOS http://forums.juniper.net/t5/Security-Incident-Response/Important-A= nnouncement-about-ScreenOS/ba-p/285554 CERT-EU (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383