Juniper Confirms Shadow Brokers Firewall Implants

August 23, 2016

Juniper Networks has confirmed that some of the exploits and implants leaked in the Shadow Brokers data dump affect its products, more precisely NetScreen firewalls running the ScreenOS operating system.

The security hardware vendor did not detail what exploits affect its products, nor which models or OS versions they target.

The company said it’s still investigating the code and will not release a security advisory until it knows the full extent of the code and all affected products.

“As part of our analysis of these files, we identified an attack against NetScreen devices running ScreenOS,” said Derrick Scholl from the Juniper Product Security Information Response Team. “We are examining the extent of the attack, but initial analysis indicates it targets the boot loader and does not exploit a vulnerability on ScreenOS devices.”

Based on this list, several security researchers claim that the BARGLEE, FEEDTROUGH, and ZESTYLEAK implants are the ones that can be used against Juniper devices.

At the end of last week, Cisco, Fortinet, and WatchGuard have acknowledged that their products are affected.

Read full story…