› UKTH forums › 📡 Broadband Tech & ISP’s › Other Stuff etc. › Juniper Networks release emergency patches for perfect 10 router vuln Reported by https://www.theregister.com A critical vulnerability affecting Juniper Networks routers forced the vendor to issue emergency patches last week, and users are advised to apply them as soon as possible....
- This topic has 0 replies, 1 voice, and was last updated 1 year, 9 months ago by
UK Sentinel.
- AuthorPosts
- July 5, 2024 at 9:06 pm #32728
Reported by https://www.theregister.com
A critical vulnerability affecting Juniper Networks routers forced the vendor to issue emergency patches last week, and users are advised to apply them as soon as possible.
The authentication bypass bug, tracked as CVE-2024-2973, scored a perfect 10 rating on both the CVSS 3.1 and CVSS 4 systems, illustrating the seriousness of the issue.
“An authentication bypass using an alternate path or channel vulnerability in Juniper Networks Session Smart Router or Conductor running with a redundant peer allows a network-based attacker to bypass authentication and take full control of the device,” Juniper said in its advisory.
The bug impacts Juniper’s Smart Session Router, Session Smart Conductor management platform, and WAN Assurance Routers and only those that run high-availability redundant configurations are vulnerable.
As for the specific vulnerable versions, for Session Smart Routers it’s:
- All versions before 5.6.15
- From 6.0 before 6.1.9-lts
- From 6.2 before 6.2.5-sts
For Session Smart Conductor:
- All versions before 5.6.15
- From 6.0 before 6.1.9-lts
- From 6.2 before 6.2.5-sts
And for WAN Assurance Routers:
- 6.0 versions before 6.1.9-lts
- 6.2 versions before 6.2.5-sts
In a completely sane world, madness is the only freedom (J.G.Ballard).
You need to login in order to vote
- AuthorPosts
- You must be logged in to reply to this topic.