Main Vulnerability Database Vulnerabilities #VU93506

#VU93506 Authentication bypass using an alternate path or channel in Juniper Networks, Inc. products - CVE-2024-2973

Published: July 1, 2024

Vulnerability identifier: #VU93506

Vulnerability risk: Critical

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red

CVE-ID: CVE-2024-2973

CWE-ID: CWE-288

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Session Smart Router
Session Smart Conductor
WAN Assurance Router

Software vendor:
Juniper Networks, Inc.

Description

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to missing authentication checks when running with a redundant peer. A remote non-authenticated attacker can bypass authentication and take full control over the affected device.

Remediation

Install updates from vendor's website.

External links

https://supportportal.juniper.net/s/article/2024-06-Out-Of-Cycle-Security-Bulletin-Session-Smart-Router-SSR-On-redundant-router-deployments-API-authentication-can-be-bypassed-CVE-2024-2973?language=en_US

#VU93506 Authentication bypass using an alternate path or channel in Juniper Networks, Inc. products - CVE-2024-2973

Description

Remediation

External links

Please verify you're human