Juniper Networks updates software in wake of security flaws

Fixing the vulnerabilities discovered in Juniper Networks equipment is proving to be a multistep affair.

After unauthorized code was found in the company's NetScreen firewall that could decrypt traffic sent over virtual private networks, Juniper first issued patched releases for the latest versions of ScreenOS, the affected software, in order to remove unauthorized administrative access and address VPN decryption.

After further investigation, however, the company also decided to replace the Dual_EC random number generator in NetScreen firewalls with the random number generation technology already used in other Junos OS products. The changes will be made starting with new ScreenOS 6.3 software and future releases in the first half of this year.

Juniper CIO Bob Worrall said the security of Junos OS has been checked by reviewing source code in “hot spots” where code similar to that found in ScreenOS could be present, including VPN code, encryption code and authentication code.

Ars Technica reported that Dual_EC has been known to contain security weaknesses since 2007 and is suspected of having a backdoor, inserted by the National Security Agency, that allows VPN decryption.

Further questions also arose from research by the University of Illinois at Chicago’s Stephen Checkoway, which shows that separate code changes made in 2008, 2012 and 2014 made it easier for adversaries to break the NetScreen firewall encryption, Ars Technica explained.

These software flaws have become a source of concern for the federal government, with the Department of Defense warning contractors of the vulnerability, which could compromise affected systems.  

According to Juniper, the investigation of the origin of the unauthorized code is ongoing.

About the Author

Amanda Ziadeh is a former reporter/producer for GCN.

