Juniper Networks has released out-of-band security updates to address a critical security flaw that could cause authentication to be bypassed in some routers.
The vulnerability, tracked as CVE-2024-2973, has a CVSS score of 10.0, indicating maximum severity.
“An authentication bypass vulnerability using an alternate path or channel in a Juniper Networks smart router or session conductor with redundant peering allows a network attacker to bypass authentication and gain full control of the device,” the company said in a statement. said in an advisory issued last week.
According to Juniper Networks, the flaw only affects those routers or routers running in redundant high-availability configurations. The list of affected devices is listed below –
- Session Smart Router (all versions before 5.6.15, 6.0 to 6.1.9-lts and 6.2 to 6.2.5-sts)
- Session Smart Conductor (all versions before 5.6.15, 6.0 to 6.1.9-lts and 6.2 to 6.2.5-sts)
- WAN Assurance Router (versions 6.0 to 6.1.9-lts and versions 6.2 to 6.2.5-sts)
The networking equipment maker, which was bought by Hewlett Packard Enterprise (HPE) for about $14 billion earlier this year, said it found no evidence of active exploitation of the flaw in the wild.
It also says that the vulnerability was discovered during internal product testing and that there are no workarounds to fix the problem.
“This vulnerability has been automatically patched on affected devices for WAN Assurance routers running MIST connected to the Mist Cloud,” it further notes. “It’s important to note that the patch automatically applied to Conductor-managed routers or WAN Assurance routers does not affect the router’s data plane functions.”
In January 2024, the company also released fixes for critical vulnerabilities in the same products (CVE-2024-21591CVSS score: 9.8), which could allow an attacker to cause a denial of service (DoS) or remote code execution and gain root privileges on devices.
With numerous security flaws in the company’s SRX firewalls and EX switches armed by threat actors last year, it is very important that users apply patches to protect against potential threats.
