By Eduard Kovacs on January 06, 2016 The owners of more than 1,500 Juniper Networks firewalls still havent applied patches designed to address recently discovered backdoors, an Internet scan conducted by a researcher has shown. Juniper Networks reported in mid-December that it had identified unauthorized code in ScreenOS, the operating system powering the companys NetScreen firewalls. The unauthorized code introduced two vulnerabilities: one that can be exploited to gain administrative access to affected devices (CVE-2015-7755), and one that can be leveraged to decrypt VPN connections (CVE-2015-7756). The VPN decryption flaw affects ScreenOS versions 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20, while the authentication backdoor only impacts ScreenOS 6.3.0r17 through 6.3.0r20. The security holes have been patched with the release of ScreenOS 6.2.0r19 and 6.3.0r21. Full Article: http://www.securityweek.com/backdoors-not-patched-many-juniper-firewalls
