July 1, 2024 at 02:34PM Juniper Networks released an emergency patch for a critical authentication bypass vulnerability, tracked as CVE-2024-2973, affecting Session Smart Router, Conductor, and WAN Assurance Router. The flaw, found internally, has the highest CVSS score of 10. Immediate updates for affected devices are recommended to prevent exploitation. Automatic updates will not disrupt … Read more
July 1, 2024 at 07:38AM A critical vulnerability (CVE-2024-2973) in Juniper Networks routers scored a perfect 10 on CVSS systems. Juniper advised applying emergency patches due to an authentication bypass bug that could allow network-based attackers to take control. The bug affects Smart Session Router, Session Smart Conductor, and WAN Assurance Routers, potentially causing significant … Read more
July 1, 2024 at 07:28AM Juniper Networks issued an out-of-cycle security bulletin regarding a critical vulnerability, tracked as CVE-2024-2973, which can lead to an authentication bypass on Session Smart routers and conductor products. The company advised affected systems to upgrade to specific software versions and noted that the vulnerability has been automatically resolved on certain … Read more
July 1, 2024 at 02:57AM Juniper Networks has released critical security updates to fix an Authentication Bypass Using an Alternate Path or Channel vulnerability in some routers, affecting devices running in high-availability redundant configurations. The flaw, tracked as CVE-2024-2973, carries a maximum severity score. The company urges users to apply the patches to protect against … Read more
June 30, 2024 at 11:21AM Juniper Networks released an emergency update to address a critical vulnerability, tracked as CVE-2024-2973, which could lead to an authentication bypass in Session Smart Router, Conductor, and WAN Assurance Router products. The affected versions and recommended patches were listed, highlighting the need for immediate action due to active exploitation of … Read more
April 15, 2024 at 09:54AM Juniper Networks recently released multiple advisories detailing over one hundred vulnerabilities in Junos OS, Junos OS Evolved, and other products. Critical-severity issues were found in third-party software, including cURL and Junos cRPD. High-severity flaws impacting Junos OS, Junos OS Evolved, and Paragon Active Assurance Control Center were also addressed. Customers … Read more
January 30, 2024 at 10:36AM Juniper Networks disclosed and apologized for previously concealing vulnerabilities reported by watchTowr researcher Aliz Hammond. The company issued an out-of-cycle security advisory, separately disclosing four vulnerabilities with missing individual CVEs. The vulnerabilities affect J-Web in Junos OS SRX Series and EX Series. US CISA warned of the XSS vulnerability and … Read more
January 30, 2024 at 03:59AM Juniper Networks released out-of-band updates for high-severity flaws in SRX and EX Series, addressing missing authentication and cross-site scripting vulnerabilities. watchTowr Labs discovered and reported the issues. Temporary mitigations include disabling J-Web or restricting access. Earlier critical vulnerability fixes were also shipped. U.S. CISA added previously disclosed vulnerabilities to the … Read more
January 15, 2024 at 02:43PM Over 11,500 Juniper Networks devices are vulnerable to a new remote code execution (RCE) flaw, urging urgent patch application. Previously affected by critical RCE bugs, the latest CVE-2024-21591 impacts J-Web interface, with confirmed exposures and geographic stats. With the software’s threat potential and HPE’s acquisition of Juniper, administrators are advised … Read more
January 15, 2024 at 06:12AM Juniper Networks has addressed more than 100 vulnerabilities, including the critical CVE-2024-21591 affecting Junos OS. The flaw could allow attackers to execute arbitrary code or cause a denial-of-service. Additionally, the company has patched high and medium severity flaws in third-party components. No known attacks exploiting these vulnerabilities have been reported. … Read more