Lucene search

JuniperVULNRICHMENT:CVE-2024-2973

HistoryJun 27, 2024 - 8:17 p.m.

CVE-2024-2973 Session Smart Router(SSR): On redundant router deployments API authentication can be bypassed

2024-06-2720:17:50

CWE-288

juniper

github.com

juniper networks

authentication bypass

redundant router

vulnerability

network attack

control of device

high-availability configuration

session smart router

session smart conductor

wan assurance router

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

10 High

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H/AU:Y/U:Red/V:C/RE:M

7.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

39.3%

JSON

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device.
Only routers or conductors that are running in high-availability redundant configurations are affected by this vulnerability.

No other Juniper Networks products or platforms are affected by this issue.

This issue affects:

Session Smart Router:

All versions before 5.6.15,
from 6.0 before 6.1.9-lts,
from 6.2 before 6.2.5-sts.

Session Smart Conductor:

All versions before 5.6.15,
from 6.0 before 6.1.9-lts,
from 6.2 before 6.2.5-sts.

WAN Assurance Router:

6.0 versions before 6.1.9-lts,
6.2 versions before 6.2.5-sts.

CNA Affected

[
  {
    "vendor": "Juniper Networks",
    "product": "Session Smart Router",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "5.6.15",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "6.0",
        "lessThan": "6.1.9-lts",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "6.2",
        "lessThan": "6.2.5-sts",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Juniper Networks",
    "product": "Session Smart Conductor",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "5.6.15",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "6.0",
        "lessThan": "6.1.9-lts",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "6.2",
        "lessThan": "6.2.5-sts",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Juniper Networks",
    "product": "WAN Assurance Router",
    "versions": [
      {
        "status": "affected",
        "version": "6.0",
        "lessThan": "6.1.9-lts",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "6.2",
        "lessThan": "6.2.5-sts",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

support.juniper.net/support/eol/software/ssr/

supportportal.juniper.net/JSA83126

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

10 High

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H/AU:Y/U:Red/V:C/RE:M

7.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

39.3%

JSON

Related for VULNRICHMENT:CVE-2024-2973