Alert on Critical Vulnerability Affecting Juniper Devices
2 July 2024
Juniper has released security updates to address a critical vulnerability (CVE-2024-2973) in its Session Smart Router and Conductor products. The vulnerability has a maximum CVSSv4 score of 10 out of 10.
The vulnerability affects Juniper Networks Session Smart Router or Conductor running with a redundant peer. Successful exploitation of the vulnerability could allow an unauthenticated attacker to bypass authentication and gain remote control of the device.
The vulnerability affects the following product versions:
- Session Smart Router & Conductor:
  - All versions before 5.6.15
  - From 6.0 before 6.1.9-lts
  - From 6.2 before 6.2.5-sts
- WAN Assurance Router:
  - 6.0 versions before 6.1.9-lts
  - 6.2 versions before 6.2.5-sts
Users and administrators of affected product versions are advised to update to the latest versions immediately.
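To triage a fleet against the version list above, the following added example (not code from Juniper or from this advisory) classifies each device by product, version and whether it runs with a redundant peer. The product keys, device names and inventory are constructed, and it assumes version strings begin with a numeric `major.minor[.patch]` prefix, ignoring suffixes such as `-lts`.

```python
import re

# (first affected, first fixed) per release train, from the advisory's list.
_ROUTER = [((0, 0, 0), (5, 6, 15)), ((6, 0, 0), (6, 1, 9)), ((6, 2, 0), (6, 2, 5))]
AFFECTED = {
    "ssr": _ROUTER,
    "conductor": _ROUTER,
    # WAN Assurance Router: only the 6.0 and 6.2 trains are listed.
    "wan-assurance": [((6, 0, 0), (6, 1, 9)), ((6, 2, 0), (6, 2, 5))],
}

def parse_version(text):
    """Return (major, minor, patch) from strings like '6.1.9-lts' or '6.0'."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def triage(product, version, redundant_peer):
    """Classify one device against the advisory's affected ranges."""
    if product not in AFFECTED:
        raise ValueError(f"unknown product key: {product!r}")
    v = parse_version(version)
    if not any(lo <= v < hi for lo, hi in AFFECTED[product]):
        return "not-in-listed-range"
    # The advisory scopes the flaw to devices running with a redundant peer.
    return "affected" if redundant_peer else "version-in-range-standalone"

def report(inventory):
    """Map device name -> status for (name, product, version, peer) rows."""
    return {name: triage(p, v, peer) for name, p, v, peer in inventory}

# Constructed sample inventory; replace with an export from your own CMDB.
SAMPLE = [
    ("edge-1", "ssr", "5.6.14", True),
    ("edge-2", "ssr", "6.1.9-lts", True),
    ("cond-1", "conductor", "6.2.3-sts", True),
    ("branch-7", "wan-assurance", "6.1.4-lts", False),
]

if __name__ == "__main__":
    for name, status in report(SAMPLE).items():
        print(f"{name}: {status}")
```

Devices reported as `version-in-range-standalone` run a version the advisory lists but without the redundant peer it names as the affected configuration.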
More information is available here:
https://supportportal.juniper.net/s/article/2024-06-Out-Of-Cycle-Security-Bulletin-Session-Smart-Router-SSR-On-redundant-router-deployments-API-authentication-can-be-bypassed-CVE-2024-2973?language=en_US
https://www.bleepingcomputer.com/news/security/juniper-releases-out-of-cycle-fix-for-max-severity-auth-bypass-flaw/