Juniper Networks fixed a critical authentication bypass flaw in some of its routers

Pierluigi Paganini July 01, 2024

Juniper Networks released out-of-band security updates to address a critical authentication bypass vulnerability impacting some of its routers.

Juniper Networks has released out-of-band security updates to address a critical vulnerability, tracked as CVE-2024-2973 (CVSS score of 10.0), that could lead to an authentication bypass in some of its routers. The company discovered the vulnerability during internal product security testing or research.

The flaw in Juniper Networks Session Smart Router or Conductor with a redundant peer allows a network-based attacker to bypass authentication and gain full control of the device.

“An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or Conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device.” reads the advisory.

The vulnerability only impacts routers or conductors that are running in high-availability redundant configurations.

This vulnerability impacts:

Session Smart Router: 

  • All versions before 5.6.15, 
  • from 6.0 before 6.1.9-lts, 
  • from 6.2 before 6.2.5-sts.

Session Smart Conductor: 

  • All versions before 5.6.15, 
  • from 6.0 before 6.1.9-lts, 
  • from 6.2 before 6.2.5-sts. 

WAN Assurance Router: 

  • 6.0 versions before 6.1.9-lts, 
  • 6.2 versions before 6.2.5-sts.

According to the advisory, there are no workarounds that address the flaw.

The company SIRT states that they are unaware of any malicious exploitation of the vulnerability CVE-2024-2973.

“This vulnerability has been patched automatically on affected devices for MIST managed WAN Assurance routers connected to the Mist Cloud.” concludes the advisory. “It is important to note that the fix is applied automatically on managed routers by a Conductor or on WAN assurance routers has no impact on data-plane functions of the router. The application of the fix is non-disruptive to production traffic. There may be a momentary downtime (less than 30 seconds) to the web-based management and APIs however this will resolve quickly.”

In January, Juniper Networks released security updates to address a critical pre-auth remote code execution (RCE) vulnerability, tracked as CVE-2024-21591, that resides in SRX Series firewalls and EX Series switches.

The vulnerability resides in the devices’ J-Web configuration interfaces, an unauthenticated attacker can exploit the vulnerability to get root privileges or launch denial-of-service (DoS) attacks against unpatched devices.

In the same month, Juniper Networks also released other out-of-band updates to address two high-severity flaws, tracked as CVE-2024-21619 and CVE-2024-21620, in SRX Series and EX Series.

The flaws could be exploited by a threat actor to take control of susceptible systems.

The flaw CVE-2024-21619 (CVSS score: 5.3) is a Missing Authentication for Critical Function vulnerability. An unauthenticated, network-based attacker can chain this issue with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series to access sensitive system information.

The flaw CVE-2024-21620 (CVSS score: 8.8) is an Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series. An attacker can trigger the flaw to craft a URL that when visited by another user enables the attacker to execute commands with the target’s permissions, including an administrator.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, D-Link DIR-859)



you might also like

leave a comment