Juniper patches critical auth bypass in Session Smart routers

"An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allow a network-based attacker to bypass authentication and take administrative control of the device," the American networking infrastructure company said in an out-of-cycle security advisory released last week. Juniper Networks has patched a critical vulnerability that allows attackers to bypass authentication and take over Session Smart Router (SSR) devices. For instance, in June last year, Juniper released emergency updates to address another SSR authentication bypass (tracked as CVE-2024-2973) that can be exploited to take full control of unpatched devices. In August, the ShadowServer threat monitoring service warned of threat actors using a watchTowr Labs proof-of-concept (PoC) exploit targeting a remote code execution exploit chain to attack Juniper EX switches and SRX firewalls. According to Juniper's Security Incident Response Team (SIRT), the company has yet to find evidence that the vulnerability has been targeted in attacks. Juniper devices are commonly targeted in attacks due to their use in critical environments and are regularly targeted within less than a week after the vendor releases security updates. One month later, VulnCheck found thousands of Juniper devices still vulnerable to attacks using the same exploit chain.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 18 Feb 2025 17:10:28 +0000

Cyber News related to Juniper patches critical auth bypass in Session Smart routers

Cybersecurity In Critical Infrastructure: Protecting Power Grids and Smart Grids - Cyber Defense Magazine - Network Intrusion: Network communication systems of power and smart grids can be intruded through weak security configurations like default password, unsecured remote access, or unpatched systems and other vulnerabilities to gain control into the ...
6 months ago Cyberdefensemagazine.com

Juniper Support Portal Exposed Customer Device Info - Until earlier this week, the support website for networking equipment vendor Juniper Networks was exposing potentially sensitive information tied to customer products, including which devices customers bought, as well as each product's warranty ...
1 year ago Krebsonsecurity.com

Juniper releases out-of-cycle fix for max severity auth bypass flaw - Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router, Session Smart Conductor, and WAN Assurance Router products. The security issue is tracked as ...
9 months ago Bleepingcomputer.com CVE-2024-2973

Smart Home Technology: Your Gateway to Modern Living - Smart home technology offers homeowners an array of benefits, from increased convenience and comfort to enhanced safety and energy savings. Smart home technology offers convenience, comfort, safety, and energy savings. Smart home technology provides ...
1 year ago Securityzap.com Meow

Juniper patches critical auth bypass in Session Smart routers - "An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allow a network-based attacker to bypass authentication and take administrative control of the device," the American networking ...
2 months ago Bleepingcomputer.com CVE-2024-2973

Choosing the Perfect Smart Lock for Your Home Security - Installing a smart lock on your home is like building a wall of protection around it. In this article, we will explore the benefits of using smart locks, different types of technology available, security features offered, factors to consider when ...
1 year ago Securityzap.com Meow

Creating a Smart Home Ecosystem: Seamless Connectivity - Like a finely tuned symphony, creating a smart home ecosystem has the potential to bring harmony and convenience to everyday life. Establishing an interconnected network of digital devices to enable user-controlled automation of various household ...
1 year ago Securityzap.com Meow

Smart Thermostats: Savings and Comfort at Your Fingertips - Smart thermostats offer a modern approach to home temperature control that can provide significant energy savings and enhanced comfort. Smart thermostats offer cost effectiveness, improved indoor air quality, enhanced comfort and convenience, and ...
1 year ago Securityzap.com Meow

Juniper warns of critical RCE bug in its firewalls and switches - Juniper Networks has released security updates to fix a critical pre-auth remote code execution vulnerability in its SRX Series firewalls and EX Series switches. Found in the devices' J-Web configuration interfaces and tracked as CVE-2024-21591, this ...
1 year ago Bleepingcomputer.com CVE-2024-21591 CVE-2023-36844 CVE-2023-36845 CVE-2023-36846 CVE-2023-36847

Smart Home Security Essentials: Protecting What Matters Most - Smart home security systems provide homeowners with the ability to keep their personal and property safe from intruders, theft, and other potential threats. This article will discuss different types of smart home security systems, benefits, setting ...
1 year ago Securityzap.com Meow

DrayTek Routers at Risk From 14 New Vulnerabilities - The advice comes amid signs of growing threat actor activity — including by nation-state actors — targeting vulnerabilities in routers and other network devices from DrayTek and a variety of other vendors, including Fortinet, F5, QNAP, Ivanti, ...
6 months ago Darkreading.com CVE-2024-41592 CVE-2024-41585 CVE-2021-20123 CVE-2021-20124

Juniper Warns of Critical Authentication Bypass Vulnerability Affecting Multiple Products - Juniper Networks has issued an urgent security advisory addressing a critical API authentication bypass vulnerability (CVE-2025-21589) affecting its Session Smart Router, Session Smart Conductor, and WAN Assurance Managed Router product lines. ...
2 months ago Cybersecuritynews.com CVE-2025-21589

CISA warns of actively exploited Juniper pre-auth RCE exploit chain - CISA warned federal agencies today to secure Juniper devices on their networks by Friday against four vulnerabilities now used in remote code execution attacks as part of a pre-auth exploit chain. The alert comes one week after Juniper updated its ...
1 year ago Bleepingcomputer.com

CVE-2024-35292 - A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions), SIMATIC ...
10 months ago Tenable.com

CVE-2024-43647 - A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions), SIMATIC ...
7 months ago

"Sierra:21" vulnerabilities impact critical infrastructure routers - A set of 21 newly discovered vulnerabilities impact Sierra OT/IoT routers and threaten critical infrastructure with remote code execution, unauthorized access, cross-site scripting, authentication bypass, and denial of service attacks. The flaws ...
1 year ago Bleepingcomputer.com

Explore Redis for User Session Management on AWS Elasticache - Just as cities use various systems to keep track of their inhabitants and visitors, web applications rely on user session management to maintain a smooth experience for each person navigating through them. User session management is the mechanism by ...
1 year ago Feeds.dzone.com

Juniper Rushes Out Emergency Patch for Critical Smart Router Flaw - Juniper Networks has released an emergency patch for a critical authentication bypass vulnerability that has been assigned the highest possible CVSS score of 10. The vulnerability, tracked under CVE-2024-2973, affects the Juniper Networks Session ...
9 months ago Darkreading.com CVE-2024-2973

Juniper patches bug that let Chinese cyberspies backdoor routers - Earlier this year, Black Lotus Labs researchers said that unknown threat actors have been targeting Juniper edge devices (many acting as VPN gateways) with J-magic malware that opens a reverse shell if it detects a "magic packet" in the network ...
1 month ago Bleepingcomputer.com CVE-2025-21590

GitLab Patches: Severe SAML Authentication Bypass Flaw Fixed - Security Boulevard - In addition to these patches, OmniAuth SAML has been upgraded to version 2.2.1 and Ruby-SAML to 1.17.0. It’s worth mentioning that the issue only impacts self-managed instances; therefore, users of GitLab Dedicated instances do not need to take any ...
6 months ago Securityboulevard.com CVE-2024-45409

CISA Warns of Juniper Junos OS Improper Isolation Vulnerability Exploited in Wild - Mandiant’s research indicated that the attackers were exploiting end-of-life Juniper MX routers running older versions of Junos OS and were able to bypass the operating system’s Veriexec security subsystem by injecting malicious code into ...
1 month ago Cybersecuritynews.com CVE-2025-24201

CVE-2019-13945 - A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) (All ...
4 years ago

Award-Winning Centralized Platform Helps Unlock Value Through Simplicity - Network operators need to cater to their customers by delivering services from anywhere between 1G to 100G speeds, while having the ability to aggregate into 400G networks. With the evolution of the network and emergence of more localized and ...
1 year ago Feedpress.me

New ISC Security Patches Released for 2021: What You Need to Know - The Internet Systems Consortium (ISC), the largest provider of open-source Internet infrastructure software, has released new security patches designed to mitigate data breaches and other cyber threats. These new security patches, released in January ...
2 years ago Thehackernews.com