Juniper Networks has launched out-of-band security updates to deal with a essential security flaw that might result in an authentication bypass in a few of its routers.
The vulnerability, tracked as CVE-2024-2973, carries a CVSS rating of 10.0, indicating most severity.
“An Authentication Bypass Utilizing an Alternate Path or Channel vulnerability in Juniper Networks Session Sensible Router or Conductor working with a redundant peer permits a community primarily based attacker to bypass authentication and take full management of the machine,” the corporate mentioned in an advisory issued final week.
Based on Juniper Networks, the shortcoming impacts solely these routers or conductors which are working in high-availability redundant configurations. The listing of impacted gadgets is listed beneath –
- Session Sensible Router (all variations earlier than 5.6.15, from 6.0 earlier than 6.1.9-lts, and from 6.2 earlier than 6.2.5-sts)
- Session Sensible Conductor (all variations earlier than 5.6.15, from 6.0 earlier than 6.1.9-lts, and from 6.2 earlier than 6.2.5-sts)
- WAN Assurance Router (6.0 variations earlier than 6.1.9-lts and 6.2 variations earlier than 6.2.5-sts)
The networking gear maker, which was purchased out by Hewlett Packard Enterprise (HPE) for about $14 billion earlier this 12 months, mentioned it discovered no proof of lively exploitation of the flaw within the wild.
It additionally mentioned that it found the vulnerability throughout inner product testing and that there aren’t any workarounds that resolve the difficulty.
“This vulnerability has been patched mechanically on affected gadgets for MIST managed WAN Assurance routers related to the Mist Cloud,” it additional famous. “It is very important word that the repair is utilized mechanically on managed routers by a Conductor or on WAN assurance routers has no influence on data-plane capabilities of the router.”
In January 2024, the corporate additionally rolled out fixes for a essential vulnerability in the identical merchandise (CVE-2024-21591, CVSS rating: 9.8) that might allow an attacker to trigger a denial-of-service (DoS) or distant code execution and procure root privileges on the gadgets.
With a number of security flaws affecting the corporate’s SRX firewalls and EX switches weaponized by menace actors final 12 months, it is important that customers apply the patches to guard towards potential threats.