Juniper Networks has issued an out-of-band security update to address a critical flaw that poses a significant security risk to its routers. The vulnerability CVE-2024-2973, boasts a CVSS score of 10.0, marking it as exceptionally severe.
The flaw allows a network-based attacker to bypass authentication using an alternate path or channel, thereby gaining complete control over the device. This critical issue affects Juniper Networks’ Session Smart Router and Conductor when operating in high-availability redundant configurations. Affected versions include:
- Session Smart Router: All versions before 5.6.15, 6.0 before 6.1.9-lts, and 6.2 before 6.2.5-sts.
- Session Smart Conductor: Versions 6.0 before 6.1.9-lts and 6.2 before 6.2.5-sts.
- WAN Assurance Router: Versions 6.0 before 6.1.9-lts and versions 6.2 before 6.2.5-sts.
Despite the gravity of the vulnerability, Juniper Networks has assured that there is no evidence of active exploitation in the wild. The issue was identified during routine internal testing; no workarounds are available.
The company has highlighted that the patch has been automatically deployed to affected devices managed by MIST for WAN Assurance routers connected to the Mist Cloud. Importantly, this update does not impact the data-plane functions of the routers.
Earlier this year, in January 2024, Juniper Networks addressed another critical vulnerability (CVE-2024-21591, CVSS score: 9.8) in the same product lines. This flaw could have allowed attackers to execute a denial-of-service (DoS) or remote code execution and obtain root privileges on the devices.
Solution to CVE-2024-2973
The following software releases have been updated to resolve this issue:
Session Smart Router: SSR-5.6.15, SSR-6.1.9-lts, SSR-6.2.5-sts, and subsequent releases
In a Conductor-managed deployment, it is sufficient to upgrade the Conductor nodes only and the fix will be applied automatically to all connected routers. As practical, the routers should still be upgraded to a fixed version however they will not be vulnerable once they connect to an upgraded Conductor.
Given the history of security flaws, including those weaponized against SRX firewalls and EX switches, users must apply these updates promptly to safeguard against potential threats.
Please ensure the security updates are applied immediately.
Patch Critical Vulnerabilities in a Jiff with SanerNow Patch Management
SanerNow patch management is continous, integrated and automated patching tool which supports all major OSs like windows,linux and macOS. Alongside it patches 550+ third-party applications instantly.
All latest patches are pretested and made available within 24hrs of detection. SanerNow patch management also provide a feature of rollback, incase of failure or operational disruptions you can revert back to stable previous versions
Schdeule a demo now