cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Juniper Warns of Unauthorized Code in Firewall

Article:

U.S. Congress to federal agencies: You have two weeks to tally your backdoored Juniper kit | PCWorld

NIST NVD Details:

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7755

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7756

Based on the article above, Juniper announced a security flaw in their source code within Juniper NetScreen's ScreenOS. The 'spying code' has been found in products running ScreenOS versions 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20. Has anyone been able to use NPM and/or NCM to help identify Juniper nodes in their environment that run the ScreenOS version in question?

Unfortunately we do not have any Juniper NetScreen devices for me to test on but here's some food for thought:

=========================================================================

Run CLI command 'get system' on multiple nodes (NCM)

http://kb.juniper.net/KB6489  - Juniper KB on finding ScreenOS version

  • Navigate to Configuration Management under Configs tab. Select Vendor under Group by:. Select Juniper Networks, Inc. in order to view all your Juniper devices on the right side. Select your all your NetScreen devices and then click Execute script.
    4.png
  • On the right side of the pop up box, type "get system", then click EXECUTE towards the bottom of pop up box. A quick warning box will show up letting you know that you will be executing the script across however many nodes you've selected
    5.png
  • Lastly you can view the executed scripts under the Transfer Status tab.
    6.png

Create Universal Device Poller (UnDP) for the OID that provides the ScreenOS version (NPM)

http://www.juniper.net/techpubs/software/index_mibs.html - MIBs

Name: nsSetGenSwVer

OID: 1.3.6.1.4.1.3224.7.1.5

Description: NetScreen OS Version.

  • Navigate to NPM installation folder, generally under Program Files (x86)\SolarWinds\Orion\NPM. Open UniversalDevicePoller.exe.
    1.png
  • Click New Universal Device Poller. Fill out the OID field with 1.3.6.1.4.1.3224.7.1.5 and then click Next.
    2.png
  • Select the nodes that you want to poll this information for. Select Vendor under Group By: to see it listed by vendor like the screenshot below. Run through the rest of the wizard to finish creating your new Universal Device Poller.
    3.png

Additional Information on UnDP:

Creating Universal Device Pollers - Documentation

Universal Device Pollers - Training Video

Universal Device Pollers - SolarWinds Knowledge base

=========================================================================

Hopefully that'll be a start to some awesome ideas and results! Please discuss and share thoughts/results below!

0 Kudos
Reply