Juniper releases out-of-cycle fix for max severity auth bypass flaw
Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products.
The security issue is tracked as CVE-2024-2973 and an attacker could exploit it to take full control of the device.
"An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or Conductor running with a redundant peer allows a network-based attacker to bypass authentication and take full control of the device," reads the description of the vulnerability.
"Only Routers or Conductors that are running in high-availability redundant configurations are affected by this vulnerability," Juniper notes in the security advisory.
Web admins apply "High-availability redundant configurations" where service continuity is critical. This configuration is essential to maintaining uninterrupted services and increasing resilience against unforeseen, disruptive events.
This makes the vulnerable configuration quite common in mission-critical network infrastructure, including in large enterprise environments, data centers, telecommunications, e-commerce, and government or public services.
The product versions impacted by CVE-2024-2973 are:
Session Smart Router & Conductor:
- All versions before 5.6.15
- From 6.0 before 6.1.9-lts
- From 6.2 before 6.2.5-sts
WAN Assurance Router:
- 6.0 versions before 6.1.9-lts
- 6.2 versions before 6.2.5-sts
Security updates were made available for Session Smart Router in versions 5.6.15, 6.1.9-lts, and 6.2.5-sts.
WAN Assurance Routers are patched automatically when connected to the Mist Cloud, but administrators of High-Availability clusters need to upgrade to SSR-6.1.9 or SSR-6.2.5.
Juniper also notes that upgrading Conductor nodes is enough to apply the fix automatically to connected routers, but routers should still be upgraded to the latest available version.
The vendor assures customers that the application of the fix does not disrupt the production traffic and it should have a minimal impact of roughly 30 seconds of downtime for web-based management and APIs.
No workarounds are available for this vulnerability and the recommended action is limited to applying the available fixes.
Hackers targeting Juniper
Juniper products are an attractive target for hackers due to the critical and valuable environments they are deployed.
Last year, Juniper EX switches and SRX firewalls were targeted via an exploit chain involving four vulnerabilities, with the malicious activity observed less than a week after the vendor published the related bulletin.
A few months later, CISA warned about the active exploitation of the mentioned flaws taking larger proportions, urging federal agencies and critical organizations to apply the security updates within the next four days, an unusually short deadline for CISA alerts.
Comments