Juniper Session Smart Router Flaw Let Attackers Bypass Vulnerability

by Esmeralda McKenzie

Juniper Networks has disclosed a critical vulnerability (CVE-2024-2973) affecting its Session Smart Router (SSR) and Session Smart Conductor products.

The flaw allows network-based attackers to bypass authentication and take full control of the device in high-availability redundant configurations.

CVE-2024-2973: Critical Authentication Bypass Vulnerability

The vulnerability, classified as an “Authentication Bypass Using an Alternate Path or Channel,” affects SSR and Conductor devices running in redundant peer setups.

Attackers can exploit this flaw to bypass API authentication, posing a significant security risk.

Affected Products and Versions

The issue affects the following versions:

  • Session Smart Router:
    • All versions before 5.6.15
    • Versions from 6.0 before 6.1.9-lts
    • Versions from 6.2 before 6.2.5-sts
  • Session Smart Conductor:
    • All versions before 5.6.15
    • Versions from 6.0 before 6.1.9-lts
    • Versions from 6.2 before 6.2.5-sts
  • WAN Assurance Router:
    • Versions from 6.0 before 6.1.9-lts
    • Versions from 6.2 before 6.2.5-sts
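For a defender checking a fleet inventory against the ranges above, the following is an added example (not code from the advisory or from Juniper); it assumes an "X.Y.Z[-suffix]" version format matching the strings quoted in the advisory, and the product labels and sample hostnames are constructed for illustration.

```python
# Added example: classify SSR / Conductor / WAN Assurance Router version
# strings against the affected ranges published for CVE-2024-2973.
# The version format and product labels are assumptions, not Juniper's API.
import re
from typing import List, Tuple

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-([a-z]+))?$")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '6.1.9-lts' into (6, 1, 9); the -lts/-sts tag does not affect ordering."""
    m = _VERSION_RE.match(text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def is_affected(product: str, version: str) -> bool:
    """True when the release is below the fixed release for its train."""
    v = parse_version(version)
    major, minor, _ = v
    # The 5.x train is listed only for SSR and Conductor, not WAN Assurance Router.
    if major < 6:
        return product in ("ssr", "conductor") and v < (5, 6, 15)
    if (major, minor) < (6, 2):        # 6.0/6.1 train: fixed in 6.1.9-lts
        return v < (6, 1, 9)
    return v < (6, 2, 5)               # 6.2 train: fixed in 6.2.5-sts; later releases fixed


def triage(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Return the hostnames in (host, product, version) tuples still running an affected release."""
    return [host for host, product, ver in inventory if is_affected(product, ver)]


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = [
    ("ssr-east-1", "ssr", "6.1.8-lts"),         # affected: below 6.1.9-lts
    ("ssr-east-2", "ssr", "6.1.9-lts"),         # fixed
    ("ssr-west-1", "ssr", "5.6.14"),            # affected: below 5.6.15
    ("conductor-1", "conductor", "6.2.5-sts"),  # fixed
    ("wan-br-7", "wan-assurance", "5.6.14"),    # 5.x train not listed for WAN Assurance
    ("wan-br-8", "wan-assurance", "6.2.4-sts"), # affected: below 6.2.5-sts
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: upgrade required for CVE-2024-2973")
```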

Juniper Networks has released updated software versions to address this vulnerability: Session Smart Router – SSR-5.6.15, SSR-6.1.9-lts, SSR-6.2.5-sts, and subsequent releases.

For Conductor-managed deployments, upgrading the Conductor nodes will automatically apply the fix to all connected routers.

However, it is still recommended that the routers be upgraded to a fixed version to ensure complete protection.

The patch has been applied automatically for WAN Assurance routers connected to the Mist Cloud.

Systems in a High-Availability cluster should be upgraded to SSR-6.1.9 or SSR-6.2.5 as soon as possible.

Applying the fix is non-disruptive to production traffic, with only a brief downtime (less than 30 seconds) for web-based management and APIs.

Juniper Networks advises all affected customers to upgrade their systems promptly to mitigate the risk posed by this vulnerability.

Source credit : cybersecuritynews.com