Last week the SANS Internet Storm Center raised the alert level  to YELLOW for backdoor vulnerabilities in Juniper ScreenOS products.  An out-of-band security release was issued to help resolve these critical security vulnerabilities.

Juniper released an out of band update for ScreenOS late last week. The update fixes two distinct backdoor that were introduced into the ScreenOS code to provide remote access to the device, and to be able to decrypt VPN connections. As of Sunday evening, the hidden password has been released making exploitation of the flaw trivial. Also some details are now known about how the VPN encryption was weakened. In this brief webcast, we will provide a summary of what is known so far about this flaw, how to protect yourself and what this implies for devices from other manufacturers.