
Juniper Warns of Unauthorized Code in Firewall

Article:

U.S. Congress to federal agencies: You have two weeks to tally your backdoored Juniper kit | PCWorld

NIST NVD Details:

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7755

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7756

Based on the article above, Juniper announced a security flaw in their source code within Juniper NetScreen's ScreenOS. The 'spying code' has been found in products running ScreenOS versions 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20. Has anyone been able to use NPM and/or NCM to help identify Juniper nodes in their environment that run the ScreenOS version in question?

Unfortunately, we do not have any Juniper NetScreen devices for me to test on, but here's some food for thought:

=========================================================================

Run CLI command 'get system' on multiple nodes (NCM)

http://kb.juniper.net/KB6489  - Juniper KB on finding ScreenOS version

  • Navigate to Configuration Management under the Configs tab. Select Vendor under Group by:. Select Juniper Networks, Inc. in order to view all your Juniper devices on the right side. Select all your NetScreen devices and then click Execute script.
  • On the right side of the pop-up box, type "get system", then click EXECUTE towards the bottom of the pop-up box. A quick warning box will show up letting you know that you will be executing the script across however many nodes you've selected.
  • Lastly you can view the executed scripts under the Transfer Status tab.

Create Universal Device Poller (UnDP) for the OID that provides the ScreenOS version (NPM)

http://www.juniper.net/techpubs/software/index_mibs.html - MIBs

Name: nsSetGenSwVer

OID: 1.3.6.1.4.1.3224.7.1.5

Description: NetScreen OS Version.

  • Navigate to the NPM installation folder, generally under Program Files (x86)\SolarWinds\Orion\NPM. Open UniversalDevicePoller.exe.
  • Click New Universal Device Poller. Fill out the OID field with 1.3.6.1.4.1.3224.7.1.5 and then click Next.
  • Select the nodes that you want to poll this information for. Select Vendor under Group By: to see it listed by vendor like the screenshot below. Run through the rest of the wizard to finish creating your new Universal Device Poller.
    3.png

Additional Information on UnDP:

Creating Universal Device Pollers - Documentation

Universal Device Pollers - Training Video

Universal Device Pollers - SolarWinds Knowledge base

=========================================================================

Hopefully that'll be a start to some awesome ideas and results! Please discuss and share thoughts/results below!
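
Added example, not part of the original post and not SolarWinds or Juniper code: a small Python triage script that takes the version strings collected by either method above (the `get system` output from NCM or the nsSetGenSwVer value from the UnDP) and sorts nodes against the two affected ranges quoted in the post. The node names, the sample values and the exact shape of the version string (`6.3.0r17.0`, or a `Software Version:` line) are assumptions; adjust the regular expression to what your devices actually return.

```python
import re

# Affected release ranges exactly as quoted in the post, inclusive:
# 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20.
AFFECTED = {(6, 2, 0): (15, 18), (6, 3, 0): (12, 20)}

# Assumed value shape: "<major>.<minor>.<patch>r<release>" plus optional letter suffix.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)r(\d+)([a-z]*)", re.IGNORECASE)


def classify(value):
    """Classify one polled value: affected, review, not-listed or unparsed."""
    m = VERSION_RE.search(value or "")
    if not m:
        return "unparsed"  # empty poll, timeout text, or a non-ScreenOS device
    train = tuple(int(x) for x in m.group(1, 2, 3))
    release, suffix = int(m.group(4)), m.group(5)
    bounds = AFFECTED.get(train)
    if bounds is None or not bounds[0] <= release <= bounds[1]:
        return "not-listed"  # outside the ranges quoted in the post
    # A letter suffix (e.g. r19b) is not covered by the quoted ranges: check by hand.
    return "review" if suffix else "affected"


def triage(polled):
    """Group node names by classification; `polled` maps node -> raw value."""
    groups = {"affected": [], "review": [], "not-listed": [], "unparsed": []}
    for node, value in polled.items():
        groups[classify(value)].append(node)
    return {status: sorted(nodes) for status, nodes in groups.items()}


# Constructed sample data (hypothetical node names and values, not real poll output).
SAMPLE = {
    "fw-edge-01": "6.3.0r17.0",
    "fw-edge-02": "Software Version: 6.2.0r15.0, Type: Firewall+VPN",
    "fw-branch-03": "6.3.0r21.0",
    "fw-branch-04": "6.2.0r14.0",
    "fw-lab-05": "6.3.0r19b.0",
    "fw-dc-06": "",
    "fw-dc-07": "5.4.0r28.0",
}

if __name__ == "__main__":
    for status, nodes in triage(SAMPLE).items():
        print(f"{status:<11}{', '.join(nodes) or '-'}")
```

Nodes that land in `unparsed` did not return a usable version and should be re-polled rather than treated as clear.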