CVE-2024-2973

Summary

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device. Only routers or conductors that are running in high-availability redundant configurations are affected by this vulnerability.

No other Juniper Networks products or platforms are affected by this issue.

This issue affects:

Session Smart Router: 

  • All versions before 5.6.15, 
  • from 6.0 before 6.1.9-lts, 
  • from 6.2 before 6.2.5-sts.

Session Smart Conductor: 

  • All versions before 5.6.15, 
  • from 6.0 before 6.1.9-lts, 
  • from 6.2 before 6.2.5-sts. 

WAN Assurance Router: 

  • 6.0 versions before 6.1.9-lts, 
  • 6.2 versions before 6.2.5-sts.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksSession Smart Router0 < 5.6.15affected
Juniper NetworksSession Smart Router6.0 < 6.1.9-ltsaffected
Juniper NetworksSession Smart Router6.2 < 6.2.5-stsaffected
Juniper NetworksSession Smart Conductor0 < 5.6.15affected
Juniper NetworksSession Smart Conductor6.0 < 6.1.9-ltsaffected
Juniper NetworksSession Smart Conductor6.2 < 6.2.5-stsaffected
Juniper NetworksWAN Assurance Router6.0 < 6.1.9-ltsaffected
Juniper NetworksWAN Assurance Router6.2 < 6.2.5-stsaffected

Weaknesses

  • CWE-288: CWE-288 Authentication Bypass Using an Alternate Path or Channel

Workarounds

There are no known workarounds for this issue.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

CVE Program Container

Additional References

References