Juniper Networks release emergency patches for perfect 10 router vuln Reported by https://www.theregister.com A critical vulnerability affecting Juniper Networks routers forced the vendor to issue emergency patches last week, and users are advised to apply them as soon as possible....

[UK Sentinel]

Reported by https://www.theregister.com

A critical vulnerability affecting Juniper Networks routers forced the vendor to issue emergency patches last week, and users are advised to apply them as soon as possible.

The authentication bypass bug, tracked as CVE-2024-2973, scored a perfect 10 rating on both the CVSS 3.1 and CVSS 4 systems, illustrating the seriousness of the issue.

“An authentication bypass using an alternate path or channel vulnerability in Juniper Networks Session Smart Router or Conductor running with a redundant peer allows a network-based attacker to bypass authentication and take full control of the device,” Juniper said in its advisory.

The bug impacts Juniper’s Smart Session Router, Session Smart Conductor management platform, and WAN Assurance Routers and only those that run high-availability redundant configurations are vulnerable.

As for the specific vulnerable versions, for Session Smart Routers it’s:

• All versions before 5.6.15
• From 6.0 before 6.1.9-lts
• From 6.2 before 6.2.5-sts

For Session Smart Conductor:

• All versions before 5.6.15
• From 6.0 before 6.1.9-lts
• From 6.2 before 6.2.5-sts

And for WAN Assurance Routers:

• 6.0 versions before 6.1.9-lts
• 6.2 versions before 6.2.5-sts

Share the knowledge

In a completely sane world, madness is the only freedom (J.G.Ballard).

You need to login in order to vote

[Author]

Posts