HomeVulnerabilityJuniper Networks Releases Essential Safety Replace for Routers

Juniper Networks Releases Essential Safety Replace for Routers

Juniper Networks has launched out-of-band security updates to deal with a essential security flaw that might result in an authentication bypass in a few of its routers.

The vulnerability, tracked as CVE-2024-2973, carries a CVSS rating of 10.0, indicating most severity.

“An Authentication Bypass Utilizing an Alternate Path or Channel vulnerability in Juniper Networks Session Sensible Router or Conductor working with a redundant peer permits a community primarily based attacker to bypass authentication and take full management of the machine,” the corporate mentioned in an advisory issued final week.

Cybersecurity

Based on Juniper Networks, the shortcoming impacts solely these routers or conductors which are working in high-availability redundant configurations. The listing of impacted gadgets is listed beneath –

  • Session Sensible Router (all variations earlier than 5.6.15, from 6.0 earlier than 6.1.9-lts, and from 6.2 earlier than 6.2.5-sts)
  • Session Sensible Conductor (all variations earlier than 5.6.15, from 6.0 earlier than 6.1.9-lts, and from 6.2 earlier than 6.2.5-sts)
  • WAN Assurance Router (6.0 variations earlier than 6.1.9-lts and 6.2 variations earlier than 6.2.5-sts)
See also  Over 40,000 Cisco IOS XE gadgets contaminated with backdoor utilizing zero-day

The networking gear maker, which was purchased out by Hewlett Packard Enterprise (HPE) for about $14 billion earlier this 12 months, mentioned it discovered no proof of lively exploitation of the flaw within the wild.

It additionally mentioned that it found the vulnerability throughout inner product testing and that there aren’t any workarounds that resolve the difficulty.

“This vulnerability has been patched mechanically on affected gadgets for MIST managed WAN Assurance routers related to the Mist Cloud,” it additional famous. “It is very important word that the repair is utilized mechanically on managed routers by a Conductor or on WAN assurance routers has no influence on data-plane capabilities of the router.”

Cybersecurity

In January 2024, the corporate additionally rolled out fixes for a essential vulnerability in the identical merchandise (CVE-2024-21591, CVSS rating: 9.8) that might allow an attacker to trigger a denial-of-service (DoS) or distant code execution and procure root privileges on the gadgets.

See also  Development Micro fixes endpoint safety zero-day utilized in assaults

With a number of security flaws affecting the corporate’s SRX firewalls and EX switches weaponized by menace actors final 12 months, it is important that customers apply the patches to guard towards potential threats.

- Advertisment -spot_img
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular