A critical vulnerability affecting Juniper Networks routers forced the vendor to issue emergency patches last week, and users are advised to apply them as soon as possible.

The authentication bypass bug, tracked as CVE-2024-2973, scored a perfect 10 rating on both the CVSS 3.1 and CVSS 4 systems, illustrating the seriousness of the issue.

"An authentication bypass using an alternate path or channel vulnerability in Juniper Networks Session Smart Router or Conductor running with a redundant peer allows a network-based attacker to bypass authentication and take full control of the device," Juniper said in its advisory.

The bug impacts Juniper's Smart Session Router, Session Smart Conductor management platform, and WAN Assurance Routers and only those that run high-availability redundant configurations are vulnerable.

While there is no evidence to suggest that the vulnerability has been exploited in the wild yet, the fact Juniper released the patches outside of the products' usual cycle hints at the vendor's concern about its severity and exploitability.

With CVE-2024-2973 affecting devices running high-availability configs too, successful attacks have the potential to cause significant disruption.

As for the specific vulnerable versions, for Session Smart Routers it's:

• All versions before 5.6.15

• From 6.0 before 6.1.9-lts

• From 6.2 before 6.2.5-sts

For Session Smart Conductor: 

• All versions before 5.6.15

• From 6.0 before 6.1.9-lts

• From 6.2 before 6.2.5-sts 

And for WAN Assurance Routers: 

• 6.0 versions before 6.1.9-lts

• 6.2 versions before 6.2.5-sts

For routers managed by the Session Smart Conductor platform, Juniper said as long as the Conductor nodes are upgraded then the security fixes will automatically apply to connected routers.

The vendor still recommends upgrading each vulnerable router individually, but it would be quicker to protect against CVE-2024-2973 by just upgrading the Conductor nodes before doing the full job.

WAN Assurance Routers would also have had the patch applied automatically already if they were managed by and connected to Juniper Mist, its AI-driven cloud platform.

"It is important to note that the fix is applied automatically on managed routers by a Conductor or on WAN Assurance Routers has no impact on data-plane functions of the router. The application of the fix is non-disruptive to production traffic," Juniper said. 

"There may be a momentary downtime (less than 30 seconds) to the web-based management and APIs however this will resolve quickly." ®

https://www.theregister.com//2024/07/01/emergency_patches_available_for_juniper/