Juniper Networks discloses a critical authentication bypass vulnerability affecting a large number of routers



Juniper Networks has disclosed an extremely serious authentication bypass vulnerability with significant impact on its Session Smart Router (SSR), Session Smart Conductor and WAN Assurance Router products. Juniper has released an out-of-cycle patch, and affected users should update promptly.


The vulnerability is tracked as CVE-2024-2973, and an attacker who exploits it can take complete control of the device. In short, Juniper Session Smart Routers and Session Smart Conductors contain an authentication bypass through an alternate path or channel that becomes reachable when the device runs with a redundant peer; an attacker can use it to bypass authentication entirely and gain a high degree of control over the device.

Juniper Networks further notes that only Routers or Conductors running in a high-availability redundant configuration are affected.

In practice, most enterprise network administrators deploy a high-availability redundant configuration precisely to keep services running without interruption and to withstand failures or malicious events. That means the vulnerable configuration is common in mission-critical network infrastructure, including large enterprise environments, data centers, telecommunications, e-commerce, and government or public services.

The product versions affected by this vulnerability (CVE-2024-2973) include:

1. Session Smart Router

  • All versions before 5.6.15
  • All versions from 6.0 up to, but not including, 6.1.9-lts
  • All 6.2 versions before 6.2.5-sts

2. WAN Assurance Router

  • 6.0 versions before 6.1.9-lts
  • 6.2 versions before 6.2.5-sts

Fixes for Session Smart Router are available in versions 5.6.15, 6.1.9-lts, and 6.2.5-sts.

WAN Assurance Routers are patched automatically when connected to Mist Cloud, but administrators of high-availability clusters still need to upgrade to SSR-6.1.9 or SSR-6.2.5.

Juniper Networks notes that upgrading the Conductor node is enough to automatically apply the fix to connected routers, but the routers themselves should still be upgraded to the latest available version. Applying the fix does not interrupt production traffic; the only downtime is to web-based management and the APIs, lasting about 30 seconds.

Note that there is no workaround for this vulnerability; the only recommended action is to apply the available fixes.
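Because the fix is the only remediation, the first task for a defender is to find every affected build in the fleet. The following script is an added example, not Juniper's code or tooling: it encodes the affected ranges and fixed releases exactly as the advisory lists them, treats the "-lts"/"-sts" suffix as a release-train label that does not change version ordering (an assumption), applies the high-availability condition, and triages a constructed sample inventory. The product labels, record format and hostnames are the example's own.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR[.PATCH][-train]' into a comparable tuple.

    Assumption: the '-lts' / '-sts' suffix names a release train and does not
    change ordering, so it is stripped before comparison.
    """
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-[a-z]+)?", text.strip().lower())
    if not m:
        raise ValueError(f"unrecognized version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


# Affected ranges from the advisory text as [inclusive lower, exclusive upper).
# The upper bound of each range is the first fixed release, so it doubles as
# the upgrade target.
AFFECTED: Dict[str, List[Tuple[Version, Version, str]]] = {
    "SSR": [
        ((0, 0, 0), (5, 6, 15), "5.6.15"),    # all versions before 5.6.15
        ((6, 0, 0), (6, 1, 9), "6.1.9-lts"),  # 6.0 up to but excluding 6.1.9-lts
        ((6, 2, 0), (6, 2, 5), "6.2.5-sts"),  # 6.2 versions before 6.2.5-sts
    ],
    "WAN_ASSURANCE": [
        ((6, 0, 0), (6, 1, 9), "6.1.9-lts"),  # 6.0 versions before 6.1.9-lts
        ((6, 2, 0), (6, 2, 5), "6.2.5-sts"),  # 6.2 versions before 6.2.5-sts
    ],
}


def fix_target(product: str, version: str) -> Optional[str]:
    """Return the first fixed release for an affected build, or None when the
    build falls outside every listed range."""
    v = parse_version(version)
    for low, high, target in AFFECTED[product]:
        if low <= v < high:
            return target
    return None


def is_vulnerable(product: str, version: str, high_availability: bool) -> bool:
    """CVE-2024-2973 is only reachable in high-availability redundant
    deployments, so an affected build on a standalone node is not exposed
    (it should still be brought to the fixed release during normal patching)."""
    return high_availability and fix_target(product, version) is not None


def triage(inventory: List[Dict[str, object]]) -> List[Tuple[str, str]]:
    """Return (hostname, upgrade_target) for every exposed device."""
    exposed: List[Tuple[str, str]] = []
    for dev in inventory:
        product, version, ha = str(dev["product"]), str(dev["version"]), bool(dev["ha"])
        if is_vulnerable(product, version, ha):
            exposed.append((str(dev["host"]), str(fix_target(product, version))))
    return exposed


# Constructed sample inventory: hostnames and versions are made up for the example.
SAMPLE_INVENTORY: List[Dict[str, object]] = [
    {"host": "ssr-dc1-a", "product": "SSR", "version": "5.6.14", "ha": True},
    {"host": "ssr-dc1-b", "product": "SSR", "version": "5.6.15", "ha": True},
    {"host": "ssr-branch", "product": "SSR", "version": "6.1.8", "ha": False},
    {"host": "ssr-edge-1", "product": "SSR", "version": "6.2.4", "ha": True},
    {"host": "war-site-7", "product": "WAN_ASSURANCE", "version": "6.1.5", "ha": True},
    {"host": "war-site-8", "product": "WAN_ASSURANCE", "version": "6.2.5-sts", "ha": True},
]

if __name__ == "__main__":
    for host, target in triage(SAMPLE_INVENTORY):
        print(f"{host}: exposed to CVE-2024-2973, upgrade to {target}")
```

Run against the sample inventory, the script flags the two HA Session Smart Routers on 5.6.14 and 6.2.4 and the WAN Assurance Router on 6.1.5, and leaves the standalone 6.1.8 node off the exposed list while still reporting a fix target for it through `fix_target`.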

Juniper Networks products are attractive targets for attackers because they are deployed in critical, high-value environments. In 2023, Juniper Networks EX switches and SRX firewalls were hit by an attack chain combining four vulnerabilities, and malicious activity was observed less than a week after the vendor published its advisory.

A few months later, CISA warned of active exploitation of those vulnerabilities and urged federal agencies and critical organizations to apply the security updates within four days, a deadline that reflects both CISA's urgency and the severity of the flaws.

Reference source: https://www.bleepingcomputer.com/news/security/juniper-releases-out-of-cycle-fix-for-max-severity-auth-bypass-flaw/

This article is an independent opinion piece; reproduction without permission is prohibited. For authorization, contact FreeBuf customer service (Xiao Bee, WeChat: freebee2022).
