An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or Conductor running with a redundant peer allows a network-based attacker to bypass authentication and take full control of the device.
Juniper Networks discovered the vulnerability internally and automatically patched affected MIST managed WAN Assurance routers. There are no workarounds available to resolve the issue.
The recent vulnerability (CVE-2024-2973, CVSS score of 10.0) affects specific versions of Session Smart Router, Session Smart Conductor, and WAN Assurance Router in redundant configurations.
[
Collection
]
[
|
...
]