A new flaw has been found in Juniper’s routers that could allow attackers to hack into a company network or launch a denial of service (DoS) attack.
The systems affected are the Juniper M and T series running version 6 of Junos, the company’s proprietary router software. Any software distributed before 7 January 2005 will have the vulnerability.
The flaw, uncovered by carrier Qwest according to the US-CERT government agency, has been rated as moderately critical but Juniper has said that no firewall configuration will protect against the bug and that all affected systems should be patched at once.
Juniper has been understandably coy about the precise form that an attack would take. In its website advisory, which can only be seen by registered customers, it offered the following crumb. "This vulnerability could be exploited either by a directly attached neighboring device or by a remote attacker that can deliver certain packets to the router," from which it is clear that the vulnerability involves an attacker interfering with packet form and order so as to bring routing to a halt.
The fact that the problem is rated as moderate by independent sources, as well as Juniper, suggests that an exploit is possible but tricky.
The company has been relatively free of security issues in recent months, while its main rival, Cisco, has had several to contend with of a similar scale in the last month alone.