Knowledge Center Search


 

Juniper response to reports of NSA attacks and monitoring of Juniper products.

  [JSA10605] Show KB Properties

  [JSA10605] Hide KB Properties

Categories:
Security Advisories ID: JSA10605
Last Updated: 25 Aug 2014
Version: 5.0

Product Affected:
Juniper Products

Problem:
 Juniper response to Der Spiegel reports of NSA attacks and monitoring of Juniper products.

Solution:
 Juniper Networks is currently investigating, alleged security compromises of technology products dated from 2008 and made by a number of companies, including Juniper. We take allegations of this nature very seriously and are working actively to address any possible exploit paths. As a company that consistently operates with the highest of ethical standards, we are committed to maintaining the integrity and security of our products. We are also committed to the responsible disclosure of security vulnerabilities, and if necessary, will work closely with customers to implement any mitigation steps.

The alleged security compromises included indications of "software implants" and a method for installing malicious code in BIOS. Juniper Networks is not aware of any such BIOS implants in our products and has not assisted anyone in the creation of such implants.

Juniper maintains a Secure Development Lifecycle, and it is against Juniper policy to intentionally include "backdoors" that would potentially compromise our products or put our customers at risk.

Update as of August 25th 2014:

The investigation into these allegations is still active and open as Juniper continues to research the reports originally brought up in the Der Spiegel article. To date, Juniper has tested and evaluated thousands of systems but has not found any evidence of a compromise.


Juniper will continue to aggressively investigate this report as we do all reports of potential vulnerabilities in our products, and will continue to notify our customers according to our Security Incident Response Team policies.

In 2008 Juniper published this Advisory related to ScreenOS Firmware Image Authenticity Notification

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10392

Juniper recommends that all customers read Juniper Security Advisories and stay current with product updates.

Workaround:
N/A

Implementation:
 

Related Links:

CVSS Score:
N/A

Risk Level:
Medium

Acknowledgements:
 

 

 

ASK THE KB

Question or KB ID:


 


 

 
Copyright© 1999-2012 Juniper Networks, Inc. All rights reserved.