EUVD-2025-206381

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allows a network-based attacker to bypass authentication and take administrative control of the device. This issue affects Session Smart Router: from 5.6.7 before 5.6.17, from...

CVE-2025-21589

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allows a network-based attacker to bypass authentication and take administrative control of the device. This issue affects Session Smart Router: from 5.6.7 before 5.6.17, from...

CVE-2025-21589 Session Smart Router, Session Smart Conductor, WAN Assurance Router: API Authentication Bypass vulnerability

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allows a network-based attacker to bypass authentication and take administrative control of the device. This issue affects Session Smart Router: from 5.6.7 before 5.6.17, from...

CVE-2025-21589

CVE-2025-21589 is an API authentication bypass vulnerability in Juniper Networks Session Smart Router, Session Smart Conductor, and WAN Assurance Routers. A network-based attacker could bypass authentication and gain administrative control. Affected versions include Session Smart Router: 5.6.7–5....

Several products of Juniper Networks have security vulnerabilities

Juniper Networks Session Smart Conductor is a product of the American company Juniper Networks. Juniper Networks Session Smart Conductor is a centralized management and control platform for wide-area network architectures. Juniper Networks Session Smart Router is a software-based intelligent...

EUVD-2021-18259

Malware in sbrugna...

EUVD-2024-27913

Malicious code in bioql PyPI...

Vulnerability fixed in Juniper Session Smart Router

Juniper has fixed a vulnerability in the Session Smart Router. The vulnerability allows a malicious person to access and thus take over the vulnerable system without prior authentication. Juniper has released updates to fix the vulnerability. See attached references for more information...

Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication

Juniper Networks has released security updates to address a critical security flaw impacting Session Smart Router, Session Smart Conductor, and WAN Assurance Router products that could be exploited to hijack control of susceptible devices. Tracked as CVE-2025-21589 , the vulnerability carries a...

PT-2025-6925

Name of the Vulnerable Software and Affected Versions Juniper Networks Session Smart Router versions 5.6.7 through 5.6.16 Juniper Networks Session Smart Router versions 6.0.8 Juniper Networks Session Smart Router versions 6.1 through 6.1.11-lts Juniper Networks Session Smart Router versions 6.2...

Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords

Juniper Networks is warning that Session Smart Router SSR products with default passwords are being targeted as part of a malicious campaign that deploys the Mirai botnet malware. The company said it's issuing the advisory after "several customers" reported anomalous behavior on their Session Sma...

Juniper Networks Releases Critical Security Update for Routers

Juniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication bypass in some of its routers. The vulnerability, tracked as CVE-2024-2973, carries a CVSS score of 10.0, indicating maximum severity. "An Authentication Bypass Usin...

Vulnerability fixed in Juniper Session Smart Router

Juniper has fixed a vulnerability in Session Smart Router SSR. SSR is a software router application for SD-WAN systems. An unauthenticated malicious person with access to the infrastructure can exploit the vulnerability to access and take over the system. The limiting condition, however, is that...

CVE-2024-2973

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device. Only routers or conductors that are running i...

CVE-2024-2973

CVE-2024-2973 affects Juniper Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router when deployed in High-Availability redundant configurations. The vulnerability is an Authentication Bypass via an alternate path or channel that lets a network-based attacker bypass authent...

CVE-2024-2973 Session Smart Router(SSR): On redundant router deployments API authentication can be bypassed

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device. Only routers or conductors that are running i...

Session Smart Router Security Vulnerability

Session Smart Router is Juniper's designed to provide users with a superior connectivity experience, the router is built on an application-aware and zero-trust secure network architecture that meets the most stringent enterprise performance, security and availability requirements. A security...

CVE-2021-31349 Session Smart Router: Authentication Bypass Vulnerability

The usage of an internal HTTP header created an authentication bypass vulnerability CWE-287, allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code. This issue affects all Juniper Networks 128 Technology Session Smart Router versions prior to...

128 Technology Session Smart Router vulnerable to authentication bypass

Overview 128 Technology Session Smart Router provided by 128 Technology contains an authentication bypass vulnerability CWE-287. Genta Kataoka of IERAE SECURITY INC. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...