Juniper patches critical auth bypass in Session Smart routers

Juniper Networks has patched a critical vulnerability that allows attackers to bypass authentication and take over Session Smart Router (SSR) devices. "An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allow a network-based attacker to bypass authentication and take administrative control of the device," the American networking infrastructure company said in an out-of-cycle security advisory released last week. According to Juniper's Security Incident Response Team (SIRT), the company has yet to find evidence that the vulnerability has been targeted in attacks.

Juniper devices are commonly targeted in attacks due to their use in critical environments and are regularly targeted within less than a week after the vendor releases security updates. For instance, in June last year, Juniper released emergency updates to address another SSR authentication bypass (tracked as CVE-2024-2973) that can be exploited to take full control of unpatched devices. In August, the ShadowServer threat monitoring service warned of threat actors using a watchTowr Labs proof-of-concept (PoC) exploit targeting a remote code execution exploit chain to attack Juniper EX switches and SRX firewalls. One month later, VulnCheck found thousands of Juniper devices still vulnerable to attacks using the same exploit chain.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 18 Feb 2025 17:10:28 +0000


Cyber News related to Juniper patches critical auth bypass in Session Smart routers

Cybersecurity In Critical Infrastructure: Protecting Power Grids and Smart Grids - Cyber Defense Magazine - Network Intrusion: Network communication systems of power and smart grids can be intruded through weak security configurations like default password, unsecured remote access, or unpatched systems and other vulnerabilities to gain control into the ...
4 months ago Cyberdefensemagazine.com
Juniper Support Portal Exposed Customer Device Info - Until earlier this week, the support website for networking equipment vendor Juniper Networks was exposing potentially sensitive information tied to customer products, including which devices customers bought, as well as each product's warranty ...
1 year ago Krebsonsecurity.com
Juniper releases out-of-cycle fix for max severity auth bypass flaw - Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router, Session Smart Conductor, and WAN Assurance Router products. The security issue is tracked as ...
7 months ago Bleepingcomputer.com
Smart Home Technology: Your Gateway to Modern Living - Smart home technology offers homeowners an array of benefits, from increased convenience and comfort to enhanced safety and energy savings. Smart home technology offers convenience, comfort, safety, and energy savings. Smart home technology provides ...
1 year ago Securityzap.com
Juniper patches critical auth bypass in Session Smart routers - "An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allow a network-based attacker to bypass authentication and take administrative control of the device," the American networking ...
2 days ago Bleepingcomputer.com
Choosing the Perfect Smart Lock for Your Home Security - Installing a smart lock on your home is like building a wall of protection around it. In this article, we will explore the benefits of using smart locks, different types of technology available, security features offered, factors to consider when ...
1 year ago Securityzap.com
Creating a Smart Home Ecosystem: Seamless Connectivity - Like a finely tuned symphony, creating a smart home ecosystem has the potential to bring harmony and convenience to everyday life. Establishing an interconnected network of digital devices to enable user-controlled automation of various household ...
1 year ago Securityzap.com
Smart Thermostats: Savings and Comfort at Your Fingertips - Smart thermostats offer a modern approach to home temperature control that can provide significant energy savings and enhanced comfort. Smart thermostats offer cost effectiveness, improved indoor air quality, enhanced comfort and convenience, and ...
1 year ago Securityzap.com
Juniper warns of critical RCE bug in its firewalls and switches - Juniper Networks has released security updates to fix a critical pre-auth remote code execution vulnerability in its SRX Series firewalls and EX Series switches. Found in the devices' J-Web configuration interfaces and tracked as CVE-2024-21591, this ...
1 year ago Bleepingcomputer.com
Smart Home Security Essentials: Protecting What Matters Most - Smart home security systems provide homeowners with the ability to keep their personal and property safe from intruders, theft, and other potential threats. This article will discuss different types of smart home security systems, benefits, setting ...
1 year ago Securityzap.com
DrayTek Routers at Risk From 14 New Vulnerabilities - The advice comes amid signs of growing threat actor activity — including by nation-state actors — targeting vulnerabilities in routers and other network devices from DrayTek and a variety of other vendors, including Fortinet, F5, QNAP, Ivanti, ...
4 months ago Darkreading.com
Juniper Warns of Critical Authentication Bypass Vulnerability Affecting Multiple Products - Juniper Networks has issued an urgent security advisory addressing a critical API authentication bypass vulnerability (CVE-2025-21589) affecting its Session Smart Router, Session Smart Conductor, and WAN Assurance Managed Router product lines. ...
2 days ago Cybersecuritynews.com
CISA warns of actively exploited Juniper pre-auth RCE exploit chain - CISA warned federal agencies today to secure Juniper devices on their networks by Friday against four vulnerabilities now used in remote code execution attacks as part of a pre-auth exploit chain. The alert comes one week after Juniper updated its ...
1 year ago Bleepingcomputer.com
CVE-2024-35292 - A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions), SIMATIC ...
8 months ago Tenable.com
"Sierra:21" vulnerabilities impact critical infrastructure routers - A set of 21 newly discovered vulnerabilities impact Sierra OT/IoT routers and threaten critical infrastructure with remote code execution, unauthorized access, cross-site scripting, authentication bypass, and denial of service attacks. The flaws ...
1 year ago Bleepingcomputer.com
Explore Redis for User Session Management on AWS Elasticache - Just as cities use various systems to keep track of their inhabitants and visitors, web applications rely on user session management to maintain a smooth experience for each person navigating through them. User session management is the mechanism by ...
1 year ago Feeds.dzone.com
Juniper Rushes Out Emergency Patch for Critical Smart Router Flaw - Juniper Networks has released an emergency patch for a critical authentication bypass vulnerability that has been assigned the highest possible CVSS score of 10. The vulnerability, tracked under CVE-2024-2973, affects the Juniper Networks Session ...
7 months ago Darkreading.com
GitLab Patches: Severe SAML Authentication Bypass Flaw Fixed - Security Boulevard - In addition to these patches, OmniAuth SAML has been upgraded to version 2.2.1 and Ruby-SAML to 1.17.0. It’s worth mentioning that the issue only impacts self-managed instances; therefore, users of GitLab Dedicated instances do not need to take any ...
4 months ago Securityboulevard.com
CVE-2019-13945 - A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) (All ...
4 years ago
Award-Winning Centralized Platform Helps Unlock Value Through Simplicity - Network operators need to cater to their customers by delivering services from anywhere between 1G to 100G speeds, while having the ability to aggregate into 400G networks. With the evolution of the network and emergence of more localized and ...
1 year ago Feedpress.me
New ISC Security Patches Released for 2021: What You Need to Know - The Internet Systems Consortium (ISC), the largest provider of open-source Internet infrastructure software, has released new security patches designed to mitigate data breaches and other cyber threats. These new security patches, released in January ...
2 years ago Thehackernews.com
Remote Code Execution Vulnerabilities Discovered in TP-Link and Netcomm Routers - Latest research has uncovered alarming security vulnerabilities in popular TP-Link and Netcomm routers. The discovered vulnerabilities if exploited could potentially allow an attacker to gain unauthorized access to the routers and execute arbitrary ...
2 years ago Securityweek.com
21 Vulnerabilities in Sierra Wireless Routers Could Expose Critical Infrastructure to Attacks - Some Sierra Wireless cellular routers are affected by 21 vulnerabilities, including ones that could pose a significant risk to impacted organizations, including in critical infrastructure sectors, according to network security and risk management ...
1 year ago Securityweek.com
21 Vulnerabilities in Sierra Wireless Routers Could Expose Critical Infrastructure to Attacks - Some Sierra Wireless cellular routers are affected by 21 vulnerabilities, including ones that could pose a significant risk to impacted organizations, including in critical infrastructure sectors, according to network security and risk management ...
1 year ago Packetstormsecurity.com
