Juniper Networks has launched out-of-band safety updates to deal with a important safety flaw that might result in an authentication bypass in a few of its routers.
The vulnerability, tracked as CVE-2024-2973, carries a CVSS rating of 10.0, indicating most severity.
“An Authentication Bypass Utilizing an Alternate Path or Channel vulnerability in Juniper Networks Session Good Router or Conductor working with a redundant peer permits a community primarily based attacker to bypass authentication and take full management of the system,” the corporate stated in an advisory issued final week.
In line with Juniper Networks, the shortcoming impacts solely these routers or conductors which might be working in high-availability redundant configurations. The record of impacted gadgets is listed beneath –
- Session Good Router (all variations earlier than 5.6.15, from 6.0 earlier than 6.1.9-lts, and from 6.2 earlier than 6.2.5-sts)
- Session Good Conductor (all variations earlier than 5.6.15, from 6.0 earlier than 6.1.9-lts, and from 6.2 earlier than 6.2.5-sts)
- WAN Assurance Router (6.0 variations earlier than 6.1.9-lts and 6.2 variations earlier than 6.2.5-sts)
The networking tools maker, which was purchased out by Hewlett Packard Enterprise (HPE) for about $14 billion earlier this 12 months, stated it discovered no proof of lively exploitation of the flaw within the wild.
It additionally stated that it found the vulnerability throughout inner product testing and that there are not any workarounds that resolve the problem.
“This vulnerability has been patched mechanically on affected gadgets for MIST managed WAN Assurance routers related to the Mist Cloud,” it additional famous. “It is very important word that the repair is utilized mechanically on managed routers by a Conductor or on WAN assurance routers has no impression on data-plane capabilities of the router.”
In January 2024, the corporate additionally rolled out fixes for a important vulnerability in the identical merchandise (CVE-2024-21591, CVSS rating: 9.8) that might allow an attacker to trigger a denial-of-service (DoS) or distant code execution and procure root privileges on the gadgets.
With a number of safety flaws affecting the corporate’s SRX firewalls and EX switches weaponized by menace actors final 12 months, it is important that customers apply the patches to guard in opposition to potential threats.