Multiple Security issues with ScreenOS (CVE-2015-7755, CVE-2015-7756)


On December 17th, 2015, Juniper Networks published an Important Announcement about ScreenOS describing an authentication backdoor and a VPN decryption issue on GT and SSG series devices.

The backdoor can be exploited by using a random username together with the backdoor password over SSH or Telnet.

  • In a lab environment, I tested ScreenOS version 6.3.0r17 on an SSG20, and the result was stunning. As seen below, only two users were created on the device.

Picture1 – Administrator Database
  • If the device is vulnerable, you should obtain the highest privileges on the device.
Picture2 – Login with Random Username and Backdoor Password
  • Upon exploitation of this vulnerability, the log file will contain an entry showing that ‘system’ logged on, followed by a password authentication entry for a username (Out of Cycle Security Bulletin).
Picture3 – Observing Backdoor Login on Syslog Events
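
The log pattern described above can be searched for in exported syslog. The following is an added example, not part of the original post or of Juniper's tooling; the message wording in the regular expressions and the sample lines are assumptions constructed for illustration, so adjust them to what your devices emit.

```python
import re

# Assumed ScreenOS message wording; adjust to what your devices actually emit.
LOGON_RE = re.compile(
    r"Admin user (?P<admin>\S+) has logged on via (?P<proto>SSH|Telnet) from (?P<src>\S+)"
)
AUTH_RE = re.compile(
    r"Password authentication successful for admin user '(?P<user>[^']+)'"
)

# Constructed sample input (not captured from a real device).
SAMPLE_LOG = """\
2015-12-21 14:58:02 system warn 00515 Admin user netadmin has logged on via SSH from 192.0.2.10:51234
2015-12-21 14:58:02 system warn 00528 SSH: Password authentication successful for admin user 'netadmin' at host 192.0.2.10
2015-12-21 15:00:16 system warn 00515 Admin user system has logged on via SSH from 198.51.100.7:40112
2015-12-21 15:00:16 system warn 00528 SSH: Password authentication successful for admin user 'qwerty123' at host 198.51.100.7
2015-12-21 15:05:40 system warn 00515 Admin user system has logged on via SSH from 203.0.113.5:2200
2015-12-21 15:09:00 system info 00536 IKE phase 1 negotiation completed
""".splitlines()


def find_backdoor_logins(lines, window=3):
    """Return 'system' logons that are followed by password auth for another name."""
    findings = []
    for i, line in enumerate(lines):
        logon = LOGON_RE.search(line)
        if not logon or logon.group("admin") != "system":
            continue
        for follow in lines[i + 1 : i + 1 + window]:
            if LOGON_RE.search(follow):
                break  # next session started: do not pair across logons
            auth = AUTH_RE.search(follow)
            if auth and auth.group("user") != "system":
                findings.append({
                    "line": i + 1,
                    "proto": logon.group("proto"),
                    "src": logon.group("src"),
                    "typed_user": auth.group("user"),
                })
                break
    return findings


if __name__ == "__main__":
    for hit in find_backdoor_logins(SAMPLE_LOG):
        print("possible backdoor login:", hit)
```

Only the pair the post describes is reported: a ‘system’ logon with no password authentication entry after it, like the third sample session, is not flagged.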

Finally, I also tested some other versions, such as 6.2.0r9.0 and 6.2.0r5.0, and observed that they don’t have the backdoor vulnerability.

 

Sr. Network & Security Engineer
