Emergency Security Update Released by Juniper Networks for Maximum Severity Authentication Bypass Flaw

June 30, 2024

Juniper Networks, a major provider of networking solutions, has urgently rolled out an update to remediate a high severity vulnerability that could allow authentication bypass in its Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products. This security flaw is identified as CVE-2024-2973, and if exploited, it could provide an attacker with full control over the device.

The vulnerability is described as “An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or Conductor running with a redundant peer allows a network-based attacker to bypass authentication and take full control of the device.” It is important to note that this vulnerability only affects Routers or Conductors that are operating in high-availability redundant configurations, as stated by Juniper in the security advisory.

High-availability redundant configurations are typically applied by web administrators where service continuity is paramount. These configurations are crucial for maintaining uninterrupted services and bolstering resilience against unexpected disruptive events. Consequently, such configurations are commonly found in mission-critical network infrastructures, including large enterprise environments, data centers, telecommunications, e-commerce, and government or public services.

The product versions impacted by CVE-2024-2973 include Session Smart Router & Conductor versions 5.6.15, 6.1.9-lts, and 6.2.5-sts. WAN Assurance Routers are automatically patched when connected to the Mist Cloud, but administrators of High-Availability clusters need to upgrade to SSR-6.1.9 or SSR-6.2.5. Juniper also suggests that upgrading Conductor nodes is sufficient to apply the fix automatically to connected routers, but routers should still be upgraded to the latest available version.

Juniper assures its customers that the application of the fix should not disrupt production traffic and it should only result in approximately 30 seconds of downtime for web-based management and APIs. There are no workarounds available for this vulnerability, and the recommended course of action is to apply the available fixes.

Juniper products are often targeted by hackers due to the critical and valuable environments in which they are deployed. Last year, Juniper EX switches and SRX firewalls were exploited via a chain involving four vulnerabilities, with malicious activity observed less than a week after the vendor released the related bulletin. A few months later, CISA issued a warning about the active exploitation of the mentioned flaws at a larger scale, urging federal agencies and critical organizations to apply the security updates within the next four days, an unusually short deadline for CISA alerts.

Latest News

• Unauthenticated OpenSSH RCE Vulnerability 'regreSSHion' Threatens Linux Servers
• Malicious PowerShell Scripts Posed as Windows Fixes by Fake IT Support Sites
• Critical Vulnerability in D-Link DIR-859 WiFi Routers Exploited by Hackers
• Kimsuky's TRANSLATEXT Chrome Extension: A New Tool for Data Theft
• Cryptocurrency Mining Exploitation: The 8220 Gang and Oracle WebLogic Server Vulnerabilities