CVE-2024-2973

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device. Only routers or conductors that are running in high-availability redundant configurations are affected by this vulnerability. No other Juniper Networks products or platforms are affected by this issue. This issue affects: Session Smart Router:  * All versions before 5.6.15,  * from 6.0 before 6.1.9-lts,  * from 6.2 before 6.2.5-sts. Session Smart Conductor:  * All versions before 5.6.15,  * from 6.0 before 6.1.9-lts,  * from 6.2 before 6.2.5-sts.  WAN Assurance Router:  * 6.0 versions before 6.1.9-lts,  * 6.2 versions before 6.2.5-sts.
Configurations

No configuration.

History

21 Nov 2024, 09:10

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de omisión de autenticación mediante una ruta o canal alternativo en el enrutador o conductor inteligente de sesión de Juniper Networks que se ejecuta con un par redundante permite a un atacante basado en la red omitir la autenticación y tomar el control total del dispositivo. Esta vulnerabilidad solo afecta a los enrutadores o conductores que se ejecutan en configuraciones redundantes de alta disponibilidad. Este problema no afecta a ningún otro producto o plataforma de Juniper Networks. Este problema afecta a: Session Smart Router: * Todas las versiones anteriores a 5.6.15, * desde 6.0 anteriores a 6.1.9-lts, * desde 6.2 anteriores a 6.2.5-sts. Session Smart Conductor: *Todas las versiones anteriores a 5.6.15, *desde 6.0 antes de 6.1.9-lts, *desde 6.2 antes de 6.2.5-sts. Enrutador de garantía de WAN: * Versiones 6.0 anteriores a 6.1.9-lts, * Versiones 6.2 anteriores a 6.2.5-sts.
References () https://support.juniper.net/support/eol/software/ssr/ - () https://support.juniper.net/support/eol/software/ssr/ -
References () https://supportportal.juniper.net/JSA83126 - () https://supportportal.juniper.net/JSA83126 -

27 Jun 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-27 21:15

Updated : 2024-11-21 09:10


NVD link : CVE-2024-2973

Mitre link : CVE-2024-2973

CVE.ORG link : CVE-2024-2973


JSON object : View

Products Affected

No product.

CWE
CWE-288

Authentication Bypass Using an Alternate Path or Channel