Juniper Networks - a network device and software maker - has found "unauthorised code" in its NetScreen firewall devices. The vulnerability could be used to decrypt VPN connections, which would unmask sites that were being accessed through the VPN.
The vulnerability was found in ScreenOS which powers NetScreen firewall devices. The unauthorised code was unveiled in a recent internal code review.
Once the vulnerability was uncovered, Juniper Networks began an investigation into what had happened, and released a patch for the vulnerability. Juniper is urging anyone using NetScreen devices running ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 to install the patch.
Luckily, there are no known incidents of the code being exploited by attackers, but Juniper doesn't want device owners to be complacent, and advises that users should make updating their software their "highest priority."