Critical ScreenOS Security Flaw:
6.2.0r15 through 6.2.0r18 and
6.3.0r12 through 6.3.0r20.

By Steve Puluka

Update 4/6/2016: New ScreenOS 6.3r22 release

Juniper has now completed the ScreenOS VPN updates with the removal of the DUAL_EC_DRBG and the ANSI X9.31 PRNG in ScreenOS 6.3r22 

Plan on downloading and updating systems accordingly.

Critical ScreenOS Security Flaw

To my friends running ScreenOS from Juniper, please review this critical security notice.

These issues can affect any product or platform running ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20.  The first issue allows unauthorized remote administrative access to the device over SSH or telnet. Exploitation of this vulnerability can lead to complete compromise of the affected system.  The second issue may allow a knowledgeable attacker to decrypt encrypted VPN traffic.  


Remember to read the new signing key warnings.  Your hardware may need the new signing key installed prior to upgrade to boot properly from the new images.


Upgrade procedure


1-Download the new signing key from the Juniper support site

  • Expand the zip file
  • Verify the signing key checksum

example on linux

$ md5sum imagekey.cer 

99def4b80b75ed65aad52a5fc3ed1131  imagekey.cer

Mac OSX use: 

$ md5 imagekey.cer

MD5 (imagekey.cer) = 99def4b80b75ed65aad52a5fc3ed1131

Thanks to Ryan in the comments.  Windows 7 hash check per:

Get-FileHash imagekey.cer -Algorithm MD5

Other Windows you will need to download a check sum utility like this one from MS others are also available

2-Download the ScreenOS Image 6.3R21 from the Support site

  • Expand the zip file
  • Verify the ScreenOS file checksum

MD5: 1974c20ed045b4de908a01221db63684

Upgrade procedure:

1-Pull a fresh configuraiton backup on all your devices to be sure you have a solid recovery point in case there are issues.

  • Configuration > Update > Conifg File

Choose: Save to file

2-On the CLI verify which signing key is currently on the device.  The new and correct signing key for ScreenOS 6.3R21 begins with  308201ad as shown below.  

If the key begins with 308201ac then you MUST UPDATE THE IMAGE KEY BEFORE UPGRADING THE DEVICE.

ssg5-serial-> exec pki test skey

exec pki test <skey>.

Flash base = 0x51000000, Flash end = 0x0, sector size= 0x4000

KEY1  N/A len =433

 308201ad02010002818100fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b651 magic1 = f7e9294b magic2=0

KEY2  N/A len =433

 308201ad02010002818100fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b651 magic1 = f7e9294b magic2=0

KEY3  N/A len =433

 308201ad02010002818100fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b651 magic1 = f7e9294b magic2=0

2-Upgrade the Image key:  (if required)

  • Configuration > Update > ScreenOS/Keys

Select the Image Signature Key update radio button

Choose file: the imagekey.cer

Select Apply button

3-Upgrade ScreenOS:

  • Configuration > Update > ScreenOS/Keys

Select the Firmware Update radio button

Choose file: ssg5ssg20.6.3.0r21.0

Select Apply


The file will upload showing progress on the lower left

When complete it will apply and reboot taking about 5-10 minutes

3-When the device is available login and confirm the upgrade

Error: Bogus image - not authenticated!!!

This error will occur if you upgrade to the new ScreenOS image and still have the OLD signing key on your device.  The boot screen on the console port will show this message:

********Invalid image!!!
********Bogus image - not authenticated!!!

Fips check failed

To recover from this error and allow the device to boot you need to delete the signing key.

delete crypto auth-key

Then reboot the device and the new ScreenOS should load.


Security notice

Signing Key Articles

Originally Posted December 20, 2015
Last Revised on July 02, 2016

Comments Policy
Posts: 7
Thank You
Reply #11 on : Mon December 21, 2015, 09:02:21
I just wanted to say Thank You for taking the time to post this guide.
It was very helpful and well written.
Happy hollidays :)
Posts: 7
Re: Critical ScreenOS Security Flaw: <br> 6.2.0r15 through 6.2.0r18 and <br> 6.3.0r12 through 6.3.0
Reply #10 on : Mon December 21, 2015, 10:06:33
With Windows 7+ you can use powershell to generate the file hash, using Get-FileHash, supports SHA1, SHA256, SHA384, SHA512, MACTripleDES, MD5, and RIPEMD160. See
Would be something like
Get-FileHash imagekey.cer -Algorithm MD5
Posts: 3
Thanks: Ryan
Reply #9 on : Mon December 21, 2015, 16:30:26
Thanks Ryan for the Windows 7 built in hash check. I've added that to the preparation instructions.

Posts: 7
Catch 22 for ScreenOS devices operated in "fips-mode"
Reply #8 on : Tue December 22, 2015, 09:59:46
Let me first add my thanks for sharing these notes on upgrading ScreenOS. It does seem interesting that Juniper announces in August 2014 that they believe their code signing key could have been compromised, and then in December 2015, they notify everyone that all current versions have "unauthorized code" implanted. Hhmmm.

One aspect of this requirement to upgrade the signing keys is that it cannot be done for any ScreenOS system that has had "fips-mode" enabled. The web GUI does not offer the ability to upload new signing keys while in fips-mode, and TFTP is disabled as well.

For some devices, it is possible to use TFTP for boot loader and firmware updates using the physical console connection, but no procedure is documented for uploading the "imagekey.cer" file at boot time.

Another option might be to use SCP to upload the new "imagekey.cer" file. However, Juniper does not appear to provide any mechanism for installing new signing keys via SCP. Furthermore, I would urge extreme caution to anyone who wants to experiment, as this is one way to truly "brick" your device with no practical means of recovery. For example, uploading a saved config file via SCP to a ScreenOS device that is in "fips-mode" will brick the device, as the config file will not be correctly signed by the device. (I speak from painful experience.)

I hope this advisory is helpful to others, even though I cannot offer any options other than going through the process of restoring the device to factory defaults and starting over. In this case, you would really want a *text* copy of the installed configuration.
Posts: 3
Thanks: Chuck
Reply #7 on : Tue December 22, 2015, 17:03:06
Thanks Chuck for the notes on FIPS mode. I've never worked with this and your description is helpful.

Obviously I agree about having that text config file as a backup. this is step one. Most of my clients sites are remote. So this config allows the quick dump onto a replacement device for shipping if the worst happens. And as you note gives you the option to go full factory reset and reload as well.


Posts: 7
old version
Reply #6 on : Thu January 21, 2016, 23:56:03
Hi, thank you for this helpful article
I wonder if old products like SSG5 version is affected too?

thanks again
Posts: 3
re: Old Version
Reply #5 on : Sun January 24, 2016, 06:53:06

No the older versions like 6.0 are not affected. the code is in the versions indicated in my title here.

6.2.0r15 through 6.2.0r18 and
6.3.0r12 through 6.3.0r20.

Posts: 7
Firmware Copy
Reply #4 on : Tue March 01, 2016, 08:44:14
I have a SSG140 device with backdated firmware, i want to update it to latest version, but i am unable to download from Juniper site, probably key issue, can you please provide me the downloaded firmware(6.3.0R21) copy?

Posts: 1
re: Firmware Copy
Reply #3 on : Sat April 02, 2016, 06:18:34

To access the Juniper downloads for this you will need to open a ticket on the support site. Juniper is giving free updates to anyone, even if you have no contract, due to this issue. > Support > Cases > Create new case
choose: Admin Service Case
Posts: 7
Re: Critical ScreenOS Security Flaw: <br> 6.2.0r15 through 6.2.0r18 and <br> 6.3.0r12 through 6.3.0
Reply #2 on : Mon May 15, 2017, 21:08:18
Wow, amazing blog structure! How long have you ever been blogging for?
you made blogging look easy. The total glance of your
website is great, let alone the content material!


Write a comment

  • Required fields are marked with *.

If you have trouble reading the code, click on the code itself to generate a new random code.
Showing comments 1 to 10 of 11 | Next | Last
E-mail Comments or Questions on this page?