Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Juniper response to reports of NSA attacks and monitoring of Juniper products.

0

0

Article ID: JSA10605 SECURITY_ADVISORIES Last Updated: 25 Aug 2014Version: 5.0
Product Affected:
Juniper Products
Problem:
 Juniper response to Der Spiegel reports of NSA attacks and monitoring of Juniper products.
Solution:
 Juniper Networks is currently investigating, alleged security compromises of technology products dated from 2008 and made by a number of companies, including Juniper. We take allegations of this nature very seriously and are working actively to address any possible exploit paths. As a company that consistently operates with the highest of ethical standards, we are committed to maintaining the integrity and security of our products. We are also committed to the responsible disclosure of security vulnerabilities, and if necessary, will work closely with customers to implement any mitigation steps.

The alleged security compromises included indications of "software implants" and a method for installing malicious code in BIOS. Juniper Networks is not aware of any such BIOS implants in our products and has not assisted anyone in the creation of such implants.

Juniper maintains a Secure Development Lifecycle, and it is against Juniper policy to intentionally include "backdoors" that would potentially compromise our products or put our customers at risk.

Update as of August 25th 2014:

The investigation into these allegations is still active and open as Juniper continues to research the reports originally brought up in the Der Spiegel article. To date, Juniper has tested and evaluated thousands of systems but has not found any evidence of a compromise.


Juniper will continue to aggressively investigate this report as we do all reports of potential vulnerabilities in our products, and will continue to notify our customers according to our Security Incident Response Team policies.

In 2008 Juniper published this Advisory related to ScreenOS Firmware Image Authenticity Notification

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10392

Juniper recommends that all customers read Juniper Security Advisories and stay current with product updates.
Workaround:
N/A
Implementation:
 
CVSS Score:
N/A
Severity Level:
Medium
Acknowledgements:
 

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search