Juniper Networks has introduced out-of-band security updates to handle a critical security flaw that could lead to an authentication bypass in some of its routers.
The vulnerability, tracked as CVE-2024-2973, carries a CVSS score of 10., indicating utmost severity.
“An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Clever Router or Conductor functioning with a redundant peer permits a network centered attacker to bypass authentication and choose whole management of the gadget,” the business reported in an advisory issued final 7 days.
According to Juniper Networks, the shortcoming influences only those people routers or conductors that are operating in substantial-availability redundant configurations. The checklist of impacted gadgets is shown beneath –
- Session Clever Router (all versions prior to 5.6.15, from 6. just before 6.1.9-lts, and from 6.2 right before 6.2.5-sts)
- Session Good Conductor (all versions in advance of 5.6.15, from 6. in advance of 6.1.9-lts, and from 6.2 in advance of 6.2.5-sts)
- WAN Assurance Router (6. variations prior to 6.1.9-lts and 6.2 variations before 6.2.5-sts)
The networking machines maker, which was purchased out by Hewlett Packard Organization (HPE) for about $14 billion previously this year, stated it found no proof of energetic exploitation of the flaw in the wild.
It also stated that it found out the vulnerability throughout interior solution testing and that there are no workarounds that resolve the issue.
“This vulnerability has been patched quickly on afflicted gadgets for MIST managed WAN Assurance routers linked to the Mist Cloud,” it even more mentioned. “It is vital to be aware that the fix is utilized immediately on managed routers by a Conductor or on WAN assurance routers has no impact on knowledge-aircraft capabilities of the router.”
In January 2024, the enterprise also rolled out fixes for a critical vulnerability in the exact products (CVE-2024-21591, CVSS score: 9.8) that could enable an attacker to trigger a denial-of-service (DoS) or distant code execution and acquire root privileges on the equipment.
With numerous security flaws impacting the company’s SRX firewalls and EX switches weaponized by danger actors previous yr, it is important that customers use the patches to defend against opportunity threats.
Found this article attention-grabbing? Stick to us on Twitter and LinkedIn to read through extra exceptional articles we post.
Some parts of this article are sourced from:
thehackernews.com