Juniper Networks has released an emergency patch for a critical authentication bypass vulnerability that has been assigned the highest possible CVSS score of 10.
The vulnerability, tracked under CVE-2024-2973, affects the Juniper Networks Session Smart Router, Session Smart Conductor, and WAN Assurance Router, and could allow a threat actor to take full control of an unpatched device.
The router flaw was found during internal security testing, and Juniper Networks added there is no evidence the bug has yet been exploited in the wild.
The company recommended immediate updates to Session Smart Routers SSR-5.6.15, SSR-6.1.9-lts, SSR-6.2.5-sts, and subsequent releases.
Managed routers will be automatically updated, which won't impact any data plane router functions, Juniper assured its customers.
This Cyber News was published on www.darkreading.com. Publication date: Mon, 01 Jul 2024 18:30:08 +0000