- 190/2024
- Critical
Juniper has released security updates to fix a critical vulnerability that affects multiple Juniper products.
The addressed vulnerability could allow the remote attacker to bypass security restrictions, bypass authentication, and take full control of the affected products by sending specially crafted requests.
Juniper Networks Session Smart Router Security Bypass (CVE-2024-2973):
- CVSS: 10
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
Affected products:
- Session Smart Router: (All versions before 5.6.15, from 6.0 before 6.1.9-lts, from 6.2 before 6.2.5-sts.).
- Session Smart Conductor: (All versions before 5.6.15, from 6.0 before 6.1.9-lts, from 6.2 before 6.2.5-sts.).
- WAN Assurance Router: (6.0 versions before 6.1.9-lts, 6.2 versions before 6.2.5-sts.).
Vulnerabilities
CVE-2024-2973
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.