Red Hot Cyber

Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Search

Juniper Networks Releases Security Updates for a Critical 10.0 Vulnerability

Pietro Melillo : 1 July 2024 08:45

Juniper Networks has recently announced the release of out-of-band security updates to address a severe vulnerability that could lead to an authentication bypass in some of its routers. This vulnerability, identified as CVE-2024-2973, has received a CVSS score of 10.0, indicating the highest possible severity.

The CVE-2024-2973 Vulnerability

According to Juniper Networks, the vulnerability involves an authentication bypass using an alternate path or channel in Session Smart routers or conductors that operate with a redundant peer. This issue allows a network-based attacker to bypass authentication and take full control of the device. In an advisory issued last week, the company explained that the vulnerability affects only routers or conductors configured in high-availability redundant mode.

Affected Devices

The security updates are intended for the following devices:

  • Session Smart Router: all versions before 5.6.15, from 6.0 before 6.1.9-lts, and from 6.2 before 6.2.5-sts.
  • Session Smart Conductor: all versions before 5.6.15, from 6.0 before 6.1.9-lts, and from 6.2 before 6.2.5-sts.
  • WAN Assurance Router: versions 6.0 before 6.1.9-lts and versions 6.2 before 6.2.5-sts.

No Evidence of Active Exploitation

Vorresti toccare con mano la Cybersecurity e la tecnologia? Iscriviti GRATIS ai WorkShop Hands-On della RHC Conference 2025 (Giovedì 8 maggio 2025)

Se sei un ragazzo delle scuole medie, superiori o frequenti l'università, oppure banalmente un curioso di qualsiasi età, il giorno giovedì 8 maggio 2025 presso il teatro Italia di Roma (a due passi dalla stazione termini e dalla metro B di Piazza Bologna), si terranno i workshop "hands-on", creati per far avvicinare i ragazzi alla sicurezza informatica e alla tecnologia. Questo anno i workshop saranno:

  • Creare Un Sistema Ai Di Visual Object Tracking (Hands on)
  • Social Engineering 2.0: Alla Scoperta Delle Minacce DeepFake
  • Doxing Con Langflow: Stiamo Costruendo La Fine Della Privacy?
  • Come Hackerare Un Sito WordPress (Hands on)
  • Il Cyberbullismo Tra Virtuale E Reale
  • Come Entrare Nel Dark Web In Sicurezza (Hands on)
    •
    Potete iscrivervi gratuitamente all'evento, che è stato creato per poter ispirare i ragazzi verso la sicurezza informatica e la tecnologia.
    Per ulteriori informazioni, scrivi a [email protected] oppure su Whatsapp al 379 163 8765


    Supporta RHC attraverso:


    Ti piacciono gli articoli di Red Hot Cyber? Non aspettare oltre, iscriviti alla newsletter settimanale per non perdere nessun articolo.

    Juniper Networks, acquired by Hewlett Packard Enterprise (HPE) for approximately $14 billion earlier this year, stated that they have found no evidence of active exploitation of the vulnerability in the wild. The vulnerability was discovered during internal product testing, and there are no workarounds that can resolve the issue definitively.

    Automatic Updates and Security

    In a further statement, Juniper Networks reassured users that the vulnerability has been automatically patched on affected devices for MIST-managed WAN Assurance routers connected to the Mist Cloud. The company emphasized that the fix, applied automatically on routers managed by a Conductor or on WAN Assurance routers, has no impact on the router’s data-plane functions, ensuring that network operations remain unaffected and secure.

    Conclusion

    Juniper Networks’ commitment to the security of its products and its swift response to the discovery of this vulnerability highlight the importance of keeping network devices updated. Users are encouraged to check the versions of their devices and ensure that security updates are applied promptly to protect their networks from potential threats.

    For further details and to access security updates, please visit the official Juniper Networks website.

    Pietro Melillo
    Head of the Dark Lab group. A Computer Engineer specialised in Cyber Security with a deep passion for Hacking and technology, currently CISO of WURTH Italia, he was responsible for Cyber Threat Intelligence & Dark Web analysis services at IBM, carries out research and teaching activities on Cyber Threat Intelligence topics at the University of Sannio, as a Ph.D, author of scientific papers and development of tools to support cybersecurity activities. Leads the CTI Team "RHC DarkLab"

    Lista degli articoli
    Categories
    Banner

    Editorial board : [email protected]

    Facebook Linkedin Youtube Telegram Twitter Pinterest Tumblr
    Redhotcyber is an open-news project that was launched in 2019 and subsequently expanded into a network of individuals collaborating to disseminate information and topics focused on technology, Information Technology, and cybersecurity. Its goal is to increase risk awareness among an ever-growing number of people.