CVE-2024-2973

EUVD-2024-27913
An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device.
Only routers or conductors that are running in high-availability redundant configurations are affected by this vulnerability.




No other Juniper Networks products or platforms are affected by this issue.





This issue affects:

Session Smart Router: 



  *  All versions before 5.6.15, 
  *  from 6.0 before 6.1.9-lts, 
  *  from 6.2 before 6.2.5-sts.



Session Smart Conductor: 



  *  All versions before 5.6.15, 
  *  from 6.0 before 6.1.9-lts, 
  *  from 6.2 before 6.2.5-sts. 



WAN Assurance Router: 



  *  6.0 versions before 6.1.9-lts, 
  *  6.2 versions before 6.2.5-sts.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
junipersession_smart_conductor
𝑥
< 5.6.15
ADP
junipersession_smart_conductor
6.0 ≤
𝑥
< 6.1.9-lts
ADP
junipersession_smart_conductor
6.2 ≤
𝑥
< 6.2.5-sts
ADP
juniperwan_assurance_router
6.0 ≤
𝑥
< 6.1.9-lts
ADP
juniperwan_assurance_router
6.2 ≤
𝑥
< 6.2.5-sts
ADP
junipersession_smart_router
𝑥
< 5.6.15
ADP
junipersession_smart_router
6.0 ≤
𝑥
< 6.1.9-lts
ADP
junipersession_smart_router
6.2 ≤
𝑥
< 6.2.5-sts
ADP
Common Weakness Enumeration
References
https://support.juniper.net/support/eol/software/ssr/
https://supportportal.juniper.net/JSA83126
https://support.juniper.net/support/eol/software/ssr/
https://supportportal.juniper.net/JSA83126