Authentication bypass vulnerability CVE-2024-2973 affects Session Smart Router, Conductor, and WAN Assurance Router

Threat ID:CC-4518

Threat Severity:Medium

Published:1 July 2024 1:54 PM

Summary

Affected platforms

The following platforms are known to be affected:

Versions: all prior to 5.6.15, all prior to 6.1.9-lts, all prior to 6.2.5-sts

Juniper Networks Session Smart Router

Versions: all prior to 5.6.15, all prior to 6.1.9-lts, all prior to 6.2.5-sts

Juniper Networks Conductor

Versions: all prior to 6.1.9-lts, all prior to 6.2.5-sts

Juniper Networks RoutersWAN Assurance Router

Threat details

High-availability redundant configurations

Only Routers or Conductors that are running in high-availability redundant configurations are affected by this vulnerability.

This vulnerability has been patched automatically on affected devices for MIST managed WAN Assurance routers connected to the Mist Cloud.

Introduction

Juniper Networks has released an out-of-cycle security update addressing one critical authentication bypass using an alternate path or channel vulnerability, which has a CVSSv4 score of 10.0. This vulnerability affects Juniper Networks Session Smart Router or Conductor running with a redundant peer configuration. An authenticated, remote attacker could exploit this vulnerability to bypass authentication and take full control of the device.

Remediation advice

Affected organisations are encouraged to review Juniper Networks out-of-cycle security bulletin: "Session Smart Router(SSR): On redundant router deployments API authentication can be bypassed (CVE-2024-2973)" Article ID JSA83126 and apply any relevant security updates.

Definitive source of threat updates

https://supportportal.juniper.net/s/article/2024-06-Out-Of-Cycle-Security-Bulletin-Session-Smart-Router-SSR-On-redundant-router-deployments-API-authentication-can-be-bypassed-CVE-2024-2973?language=en_US

CVE Vulnerabilities

StatusPublished

CVE-2024-2973An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device. Only routers or conductors that are running in high-availability redundant configurations are affected by this vulnerability. No other Juniper Networks products or platforms are affected by this issue. This issue affects: Session Smart Router: * All versions before 5.6.15, * from 6.0 before 6.1.9-lts, * from 6.2 before 6.2.5-sts. Session Smart Conductor: * All versions before 5.6.15, * from 6.0 before 6.1.9-lts, * from 6.2 before 6.2.5-sts. WAN Assurance Router: * 6.0 versions before 6.1.9-lts, * 6.2 versions before 6.2.5-sts.

Last edited: 1 July 2024 1:54 pm