Juniper Networks devices are being targeted by attackers using a hardcoded password in the technology giant’s ScreenOS firmware. The attacks follow Juniper first warning Dec. 17 that it had discovered “unauthorized code” that introduced two vulnerabilities into ScreenOS. The vulnerabilities are a concern because numerous industries, including government agencies and the financial services sector, rely on Juniper devices for network defense. Security experts recommend that any organization that uses affected devices drop everything and patch the vulnerable devices immediately. A separate flaw – CVE-2015-7756 – could potentially “allow a knowledgeable attacker who can monitor VPN traffic to decrypt that traffic””]
Source: https://www.databreachtoday.com/juniper-devices-are-under-attack-a-8768