CVE-2024-2973

Description

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device. Only routers or conductors that are running in high-availability redundant configurations are affected by this vulnerability. No other Juniper Networks products or platforms are affected by this issue. This issue affects: Session Smart Router: * All versions before 5.6.15, * from 6.0 before 6.1.9-lts, * from 6.2 before 6.2.5-sts. Session Smart Conductor: * All versions before 5.6.15, * from 6.0 before 6.1.9-lts, * from 6.2 before 6.2.5-sts. WAN Assurance Router: * 6.0 versions before 6.1.9-lts, * 6.2 versions before 6.2.5-sts.

CVSS breakdown

CVSS 4.0

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

None

User Interaction

None

Confidentiality (Vulnerable System)

High

Integrity (Vulnerable System)

High

Availability (Vulnerable System)

High

Confidentiality (Subsequent System)

High

Integrity (Subsequent System)

High

Availability (Subsequent System)

High

Changed

Red

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected products

Juniper Networks / Session Smart Conductor0 – 5.6.15
Juniper Networks / Session Smart Conductor6.0 – 6.1.9-lts
Juniper Networks / Session Smart Conductor6.2 – 6.2.5-sts
Juniper Networks / Session Smart Router0 – 5.6.15
Juniper Networks / Session Smart Router6.0 – 6.1.9-lts
Juniper Networks / Session Smart Router6.2 – 6.2.5-sts
Juniper Networks / WAN Assurance Router6.0 – 6.1.9-lts
Juniper Networks / WAN Assurance Router6.2 – 6.2.5-sts

CVE-2024-2973

Description

CVSS breakdown

Affected products

References