July 1, 2024 at 02:57AM
Juniper Networks has released critical security updates to fix an Authentication Bypass Using an Alternate Path or Channel vulnerability in some routers, affecting devices running in high-availability redundant configurations. The flaw, tracked as CVE-2024-2973, carries a maximum severity score. The company urges users to apply the patches to protect against potential threats.
Key Takeaways from Meeting Notes:
– Juniper Networks has released out-of-band security updates to address a critical security flaw (CVE-2024-2973) that could lead to an authentication bypass in some of its routers.
– The vulnerability affects routers or conductors running in high-availability redundant configurations, with specific versions listed for Session Smart Router, Session Smart Conductor, and WAN Assurance Router.
– Juniper Networks, acquired by Hewlett Packard Enterprise (HPE) earlier this year, disclosed that there is no evidence of active exploitation of the flaw in the wild.
– The vulnerability has been patched automatically on affected devices for MIST managed WAN Assurance routers connected to the Mist Cloud.
– In January 2024, the company also rolled out fixes for a critical vulnerability (CVE-2024-21591, CVSS score: 9.8) in the same products that could enable an attacker to cause a denial-of-service (DoS) or remote code execution and obtain root privileges.
– Given the history of security flaws affecting the company’s SRX firewalls and EX switches, it is crucial for users to apply the patches to protect against potential threats.