Recently, Juniper Networks disclosed an extremely serious authentication bypass vulnerability that significantly affects products including the Session Smart Router (SSR), Session Smart Conductor and WAN Assurance Router. Juniper has released an out-of-cycle patch for it, and users should update their systems promptly.
The vulnerability is tracked as CVE-2024-2973, and an attacker who exploits it can take complete control of the device. In simple terms, when Session Smart Routers and Session Smart Conductors run with a redundant peer, authentication can be bypassed through an alternative path or channel, allowing an attacker to sidestep authentication entirely and gain a high degree of control over the device.
Juniper Networks further noted that only Routers or Conductors running in a high-availability redundant configuration are affected by the vulnerability.
In practice, to keep services and business running, network administrators in most enterprises deploy high-availability redundant configurations precisely to maintain uninterrupted service and resilience against malicious events. This means the vulnerable configuration is quite common in mission-critical network infrastructure, including large enterprise environments, data centers, telecommunications, e-commerce, and government or public services.
The product versions affected by this vulnerability (CVE-2024-2973) include:
1. Session Smart Router
- All versions before 5.6.15
- From 6.0 onwards, all versions before 6.1.9-lts
- From 6.2 onwards, all versions before 6.2.5-sts
2. WAN Assurance Router
- 6.0 versions before 6.1.9-lts
- 6.2 versions before 6.2.5-sts
Session Smart Router provides security updates in versions 5.6.15, 6.1.9-lts, and 6.2.5-sts.
WAN Assurance routers are automatically patched when connected to Mist Cloud, but administrators of High-Availability clusters will need to upgrade to SSR-6.1.9 or SSR-6.2.5.
Juniper Networks notes that upgrading the Conductor node is enough to automatically apply the fix to connected routers, but routers should still be upgraded to the latest available version. Applying the vulnerability fix does not interrupt production traffic, and the downtime impact to web-based management and APIs is minimal, about 30 seconds.
Note that there are no other workarounds for this vulnerability and the recommended action is limited to applying the available fixes.
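The version ranges and the high-availability condition above can be turned into a quick applicability check for an inventory of SSR and WAN Assurance devices. The following is an added example, not Juniper's or FreeBuf's code; the product names, the function names and the sample inventory are assumptions, and the ranges are taken from the advisory as reported in this article.

```python
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Affected trains per the advisory as reported here: (lower bound inclusive, first fixed build).
# Fixed builds are 5.6.15, 6.1.9-lts and 6.2.5-sts; the -lts/-sts suffixes name the release
# train and do not change ordering, so comparison is done on the numeric triple only.
AFFECTED_TRAINS: Dict[str, list] = {
    "Session Smart Router": [((0, 0, 0), (5, 6, 15)), ((6, 0, 0), (6, 1, 9)), ((6, 2, 0), (6, 2, 5))],
    "WAN Assurance Router": [((6, 0, 0), (6, 1, 9)), ((6, 2, 0), (6, 2, 5))],
}
FIXED_LABEL = {(5, 6, 15): "5.6.15", (6, 1, 9): "6.1.9-lts", (6, 2, 5): "6.2.5-sts"}


def parse_version(text: str) -> Version:
    """Parse strings such as '6.1.9-lts', '6.2' or '5.6.14' into a numeric triple."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-[A-Za-z]+)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def assess(product: str, version: str, ha_redundant: bool) -> Dict[str, object]:
    """Return whether the build is in an affected range, whether the device is actually
    exposed (the advisory scopes impact to HA redundant configurations), and the fix build."""
    v = parse_version(version)
    for low, fixed in AFFECTED_TRAINS[product]:
        if low <= v < fixed:
            return {"vulnerable_build": True, "exposed": ha_redundant, "upgrade_to": FIXED_LABEL[fixed]}
    return {"vulnerable_build": False, "exposed": False, "upgrade_to": None}


def triage(inventory) -> list:
    """Inventory rows are (hostname, product, version, ha_redundant); returns exposed hosts first."""
    rows = [(host, assess(product, ver, ha)) for host, product, ver, ha in inventory]
    return sorted(rows, key=lambda r: (not r[1]["exposed"], not r[1]["vulnerable_build"], r[0]))


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = [("edge-a", "Session Smart Router", "6.1.8", True),
              ("edge-b", "Session Smart Router", "6.2.5-sts", True),
              ("branch-1", "WAN Assurance Router", "6.0.3", False)]
    for host, result in triage(sample):
        print(host, result)
```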
Juniper Networks products are targeted by hackers because they are deployed in critical and valuable environments. In 2023, Juniper Networks EX switches and SRX firewalls were involved in an attack chain consisting of four vulnerabilities, and malicious activity was observed less than a week after the vendor released the relevant announcement.
A few months later, CISA issued a warning about active exploitation of that attack chain and urged federal agencies and critical organizations to apply the security updates within four days, which reflects both CISA's sense of urgency and the danger of those vulnerabilities.
Reference source: https://www.bleepingcomputer.com/news/security/juniper-releases-out-of-cycle-fix-for-max-severity-auth-bypass-flaw/
This article is an independent opinion piece; no reproduction without permission. For authorization, please contact FreeBuf customer service (Xiao Bee), WeChat: freebee2022.