Juniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication bypass in some of its routers.
The vulnerability, tracked as CVE-2024-2973, carries a CVSS score of 10.0, indicating maximum severity.
“An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or Conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device,” the company said in an advisory issued last week.
According to Juniper Networks, the shortcoming affects only those routers or conductors that are running in high-availability redundant configurations. The list of impacted devices is as follows:
- Session Smart Router (all versions before 5.6.15, from 6.0 before 6.1.9-lts, and from 6.2 before 6.2.5-sts)
- Session Smart Conductor (all versions before 5.6.15, from 6.0 before 6.1.9-lts, and from 6.2 before 6.2.5-sts)
- WAN Assurance Router (6.0 versions before 6.1.9-lts and 6.2 versions before 6.2.5-sts)
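The version ranges above are easy to misread when the train matters (6.0 and 6.2 are tracked separately, and only the Session Smart products have a pre-5.6.15 range). As an added example, not Juniper's own tooling, the following Python checks a reported product and version string against those ranges for inventory triage; it assumes version strings of the form MAJOR.MINOR.PATCH with an optional -lts/-sts suffix and that the redundant-peer scope is known for each device.

```python
"""Added example: classify a Juniper SSR / Conductor / WAN Assurance Router
version against the CVE-2024-2973 affected ranges listed in the advisory."""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges per product as (inclusive lower bound, exclusive upper bound),
# transcribed from the advisory's list; None means no lower bound (every
# earlier release). The -lts/-sts suffixes do not change ordering, so only the
# numeric triple is compared.
AFFECTED = {
    "Session Smart Router": [(None, "5.6.15"), ("6.0", "6.1.9-lts"), ("6.2", "6.2.5-sts")],
    "Session Smart Conductor": [(None, "5.6.15"), ("6.0", "6.1.9-lts"), ("6.2", "6.2.5-sts")],
    "WAN Assurance Router": [("6.0", "6.1.9-lts"), ("6.2", "6.2.5-sts")],
}

# Assumed version-string shape: major[.minor[.patch]][-suffix]
_VERSION_RE = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:-[A-Za-z]+)?$")


def parse_version(text: str) -> Version:
    """Turn '6.1.9-lts' or '6.2' into a comparable (major, minor, patch) triple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(g) if g is not None else 0 for g in m.groups())
    return (major, minor, patch)


def is_affected(product: str, version: str, redundant_peer: bool) -> bool:
    """True when the product/version falls inside an affected range.

    The advisory scopes the flaw to devices running with a redundant peer
    (high-availability configurations), so a standalone device is reported as
    out of scope even if its version is in an affected range.
    """
    if not redundant_peer:
        return False
    v = parse_version(version)
    for lower, upper in AFFECTED[product]:
        lower_ok = lower is None or parse_version(lower) <= v
        if lower_ok and v < parse_version(upper):
            return True
    return False
```

A fleet inventory can feed (product, version, HA flag) rows through is_affected to prioritise which devices still need the out-of-band update.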
The networking equipment maker, which was acquired by Hewlett Packard Enterprise (HPE) for roughly $14 billion earlier this year, said it found no evidence of active exploitation of the flaw in the wild.
It also said that it discovered the vulnerability during internal product testing and that there are no workarounds that resolve the issue.
“This vulnerability has been patched automatically on affected devices for MIST managed WAN Assurance routers connected to the Mist Cloud,” it further noted. “It is important to note that the fix, applied automatically on managed routers by a Conductor or on WAN assurance routers, has no impact on data-plane functions of the router.”
In January 2024, the company also rolled out fixes for a critical vulnerability in the same products (CVE-2024-21591, CVSS score: 9.8) that could enable an attacker to cause a denial-of-service (DoS) or remote code execution and obtain root privileges on the devices.
With several security flaws affecting the company’s SRX firewalls and EX switches weaponized by threat actors last year, it is essential that users apply the patches to protect against potential threats.