Juniper Session Smart Router Flaw Let Attackers Bypass Vulnerability
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Juniper Networks has disclosed a critical vulnerability (CVE-2024-2973) affecting its Session Smart Router (SSR) and Session Smart Conductor products.
The flaw allows network-based attackers to bypass authentication and gain complete control of the device in high-availability redundant configurations.
CVE-2024-2973: Critical Authentication Bypass Vulnerability
The vulnerability, identified as an “Authentication Bypass Using an Alternate Path or Channel,” impacts SSR and Conductor devices running in redundant peer setups.
Attackers can exploit this flaw to bypass API authentication, posing a significant security risk.
Affected Products and Versions
The issue affects the following versions:
Juniper Networks has released updated software versions to address this vulnerability: Session Smart Router –SSR-5.6.15, SSR-6.1.9-lts, SSR-6.2.5-sts, and subsequent releases.
For Conductor-managed deployments, upgrading the Conductor nodes will automatically apply the fix to all connected routers.
However, it is still recommended that the routers be upgraded to a fixed version to ensure complete protection.
The patch has been applied automatically for WAN Assurance routers connected to the Mist Cloud.
Systems in a High-Availability cluster should be upgraded to SSR-6.1.9 or SSR-6.2.5 as soon as possible.
The fix’s application is non-disruptive to production traffic, with only a brief downtime (less than 30 seconds) for web-based management and APIs.
Juniper Networks advises all affected users to upgrade their systems promptly to mitigate the risk posed by this vulnerability.
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
Juniper Session Smart Router Flaw Let Attackers Bypass Vulnerability
Author: DhivyaJuniper Networks has disclosed a critical vulnerability (CVE-2024-2973) affecting its Session Smart Router (SSR) and Session Smart Conductor products.
The flaw allows network-based attackers to bypass authentication and gain complete control of the device in high-availability redundant configurations.
CVE-2024-2973: Critical Authentication Bypass Vulnerability
The vulnerability, identified as an “Authentication Bypass Using an Alternate Path or Channel,” impacts SSR and Conductor devices running in redundant peer setups.
Attackers can exploit this flaw to bypass API authentication, posing a significant security risk.
Affected Products and Versions
The issue affects the following versions:
- Session Smart Router:
- All versions before 5.6.15
- Versions from 6.0 before 6.1.9-lts
- Versions from 6.2 before 6.2.5-sts
- Session Smart Conductor:
- All versions before 5.6.15
- Versions from 6.0 before 6.1.9-lts
- Versions from 6.2 before 6.2.5-sts
- WAN Assurance Router:
- Versions 6.0 before 6.1.9-lts
- Versions 6.2 before 6.2.5-sts
Juniper Networks has released updated software versions to address this vulnerability: Session Smart Router –SSR-5.6.15, SSR-6.1.9-lts, SSR-6.2.5-sts, and subsequent releases.
For Conductor-managed deployments, upgrading the Conductor nodes will automatically apply the fix to all connected routers.
However, it is still recommended that the routers be upgraded to a fixed version to ensure complete protection.
The patch has been applied automatically for WAN Assurance routers connected to the Mist Cloud.
Systems in a High-Availability cluster should be upgraded to SSR-6.1.9 or SSR-6.2.5 as soon as possible.
The fix’s application is non-disruptive to production traffic, with only a brief downtime (less than 30 seconds) for web-based management and APIs.
Juniper Networks advises all affected users to upgrade their systems promptly to mitigate the risk posed by this vulnerability.
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
