Juniper releases out-of-cycle fix for max severity auth bypass flaw

June 30, 2024 at 11:21AM

Juniper Networks released an emergency update to address a critical vulnerability, tracked as CVE-2024-2973, which could lead to an authentication bypass in Session Smart Router, Conductor, and WAN Assurance Router products. The advisory lists the affected versions and the fixed releases and urges immediate action, given that similar Juniper vulnerabilities have been actively exploited in the past.

Key takeaways:

1. Juniper Networks has released an emergency update to address a maximum severity vulnerability (CVE-2024-2973) that could lead to an authentication bypass in Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products.

2. The vulnerability allows an attacker to take full control of the affected device, particularly in high-availability redundant configurations.

3. The impacted products and versions are:

– Session Smart Router & Conductor: All versions before 5.6.15, from 6.0 before 6.1.9-lts, and from 6.2 before 6.2.5-sts
– WAN Assurance Router: 6.0 versions before 6.1.9-lts and 6.2 versions before 6.2.5-sts

4. Security updates have been made available for Session Smart Router in versions 5.6.15, 6.1.9-lts, and 6.2.5-sts. WAN Assurance Routers are patched automatically when connected to the Mist Cloud.
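To triage a device inventory against the affected and fixed versions listed above, here is an added example (not Juniper's own tooling or advisory text): the product keys, hostnames and sample versions are assumptions, release tags such as -lts/-sts are treated as non-ordering, and the check is version-only, so it does not model the high-availability condition.

```python
import re

# Affected ranges for CVE-2024-2973 as listed in the advisory summary above
# (lower bound inclusive, upper bound exclusive, None = no lower bound).
# Product keys are assumed names for this example, not Juniper identifiers.
AFFECTED = {
    "ssr":           [(None, "5.6.15"), ("6.0", "6.1.9-lts"), ("6.2", "6.2.5-sts")],
    "conductor":     [(None, "5.6.15"), ("6.0", "6.1.9-lts"), ("6.2", "6.2.5-sts")],
    "wan-assurance": [("6.0", "6.1.9-lts"), ("6.2", "6.2.5-sts")],
}

_VER_RE = re.compile(r"(\d+(?:\.\d+)*)(?:-(lts|sts))?")

def parse_version(v):
    """'6.1.9-lts' -> (6, 1, 9). The -lts/-sts tag does not affect ordering."""
    m = _VER_RE.fullmatch(v.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    return tuple(int(x) for x in m.group(1).split("."))

def fix_for(product, version):
    """Return the first fixed version for an affected (product, version),
    or None when the version falls outside every affected range."""
    ver = parse_version(version)
    for lo, hi in AFFECTED[product]:
        if (lo is None or ver >= parse_version(lo)) and ver < parse_version(hi):
            return hi
    return None

def is_affected(product, version):
    return fix_for(product, version) is not None

def triage(inventory):
    """inventory: list of (hostname, product, version) -> affected hosts
    together with the version they should be upgraded to."""
    return [(host, prod, ver, fix_for(prod, ver))
            for host, prod, ver in inventory if is_affected(prod, ver)]

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ssr-edge-01", "ssr", "5.6.14"),
    ("ssr-edge-02", "ssr", "6.1.8-lts"),
    ("conductor-1", "conductor", "6.2.5-sts"),
    ("wan-br-03", "wan-assurance", "6.0.3"),
    ("wan-br-04", "wan-assurance", "6.1.9-lts"),
]

if __name__ == "__main__":
    for host, prod, ver, fix in triage(SAMPLE):
        print(f"{host}: {prod} {ver} affected by CVE-2024-2973, upgrade to {fix}")
```

Versions newer than any listed range (for example a 6.3 train) are reported as not affected because the advisory names no such range; re-check against the vendor advisory before relying on that.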

5. The recommended action is to apply the available fixes, as no workarounds are available for this vulnerability.

6. Juniper products are targeted by hackers due to the critical and valuable environments they are deployed in.

7. It is important for administrators of affected devices to upgrade to the latest available versions to address the vulnerability.
