The dump of tools, exploits, and data stolen from a hacking team called the Equation Group, which is believed to be affiliated with the NSA, included a number of exploits for popular security appliances. There were exploits for Cisco’s ASA and PIX firewalls in the files, along with one for Juniper’s NetScreen devices.
Juniper officials said that they are looking into the exploit now, but don’t believe that it targets the actual OS of the devices.
“As part of our analysis of these files, we identified an attack against NetScreen devices running ScreenOS. We are examining the extent of the attack, but initial analysis indicates it targets the boot loader and does not exploit a vulnerability on ScreenOS devices. We will continue to evaluate exactly what level of access is necessary in order to execute the attack, whether it is possible to detect the attack, and if other devices are susceptible,” Derrick Scholl of the Juniper Product Security Information Response Team said in a post.
Juniper’s NetScreen firewalls, like Cisco’s, are widely deployed in enterprise and government environments and would make natural targets for high-level attackers, including intelligence services. Just a few months ago, Juniper released a security advisory warning customers about “unauthorized code” in its ScreenOS software, or what amounted to a backdoor.
“During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen® devices and to decrypt VPN connections. Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS,” Juniper CIO Bob Worrall said in a post at the time.
Researchers and vendors are continuing to look through the material from the Shadow Brokers dump, and there likely will be many more advisories and analyses to come.