Educause Security Discussion mailing list archives
Re: Juniper backdoor password now public (plus bonus Shodan .edu search)
From: Brian Helman <bhelman () SALEMSTATE EDU>
Date: Mon, 21 Dec 2015 20:37:07 +0000
This is a serious vulnerability, but before it becomes Internet legend, this issue does not impact the entire line of Juniper products. It "only" impacts Juniper ScreenOS systems, not JunOS (that we know of at this time). Netscreen products include the NS and SSG VPN/Firewall chassis. SRX next-gen systems as well as EX and MX gear run JunOS. There are patched versions of the firmware available. -Brian -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Shawn Merdinger Sent: Sunday, December 20, 2015 10:11 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Juniper backdoor password now public (plus bonus Shodan .edu search) fyi https://community.rapid7.com/community/infosec/blog/2015/12/20/cve-2015-7755-juniper-screenos-authentication-backdoor https://gist.github.com/hdm/18c8818d8623c2053e5c#file-19b-19-diff-L466 [ 83 hits ] -- https://www.shodan.io/search?query=org%3Auniversity+netscreen [ 16 hits ] -- https://www.shodan.io/search?query=org%3Acollege+netscreen Thanks, --scm
Current thread:
- Juniper backdoor password now public (plus bonus Shodan .edu search) Shawn Merdinger (Dec 20)
- Re: Juniper backdoor password now public (plus bonus Shodan .edu search) Brian Helman (Dec 21)
- Re: Juniper backdoor password now public (plus bonus Shodan .edu search) Alex Keller (Dec 21)
- Re: Juniper backdoor password now public (plus bonus Shodan .edu search) Brian Helman (Dec 21)