Authentication Bypass Using Alternate Path or Channel Vulnerability Affects Juniper Networks Routers and Conductors
CVE-2024-2973

10 CRITICAL

Key Information:

Badges

👾 Exploit Exists | 📰 News Worthy

Summary

A critical vulnerability in Juniper Networks routers, identified as CVE-2024-2973, allows an authentication bypass when the device is running with a redundant peer. It affects Session Smart Router versions before 5.6.15, from 6.0 before 6.1.9-lts, and from 6.2 before 6.2.5-sts; Session Smart Conductor versions before 5.6.15, from 6.0 before 6.1.9-lts, and from 6.2 before 6.2.5-sts; and WAN Assurance Router versions 6.0 before 6.1.9-lts and 6.2 before 6.2.5-sts. Juniper Networks has released emergency patches to fix the vulnerability, and there have been no reported instances of exploitation in the wild. The Juniper Networks Security Incident Response Team has not detected any threat, and the company has issued updates and guidance for users to update their systems.

Affected Version(s)

Session Smart Conductor 0 < 5.6.15

Session Smart Conductor 6.0 < 6.1.9-lts

Session Smart Conductor 6.2 < 6.2.5-sts

News Articles

Juniper Networks Issues Patches For Router Vulnerability

Juniper Networks releases urgent updates to fix CVE-2024-2973, a critical router vulnerability allowing authentication bypass, urging immediate upgrades.

6 months ago

Emergency patches now available for Juniper Networks routers

A critical vulnerability affecting Juniper Networks routers forced the vendor to issue emergency patches last week, and users are advised to apply them as soon as possible. The authentication bypass bug,...

6 months ago

Juniper vulnerability allows remote takeover, patch available

Juniper Networks has issued an emergency patch to fix a critical vulnerability. CVE-2024-2973 allows hackers to take over devices.

6 months ago

References

CVSS V3.1

Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by CybersecurityNews

  • Vulnerability published

Collectors

NVD Database, Mitre Database, 6 News Article(s)