CyberSecurityBoard
Sponsor Register Login

Juniper Warns of Critical Authentication Bypass Vulnerability Affecting Multiple Products

Juniper Networks has issued an urgent security advisory addressing a critical API authentication bypass vulnerability (CVE-2025-21589) affecting its Session Smart Router, Session Smart Conductor, and WAN Assurance Managed Router product lines. Security teams must prioritize inventory audits using tools like Juniper HealthBot and implement Zero Trust Network Access (ZTNA) controls for management interfaces as interim measures while awaiting patch deployment. Juniper’s Security Incident Response Team (SIRT) confirms the vulnerability was discovered during internal fuzz testing of the gRPC-based management protocol, with no observed in-the-wild exploitation as of February 18, 2025. While patch application causes sub-30-second API management plane disruptions, data forwarding operations remain unaffected thanks to the separation of control and data planes in Juniper’s Session Smart architecture. Affected configurations include Session Smart Router versions from 5.6.7 before 5.6.17, 6.0.8 through 6.1.12-lts, 6.2.8-lts, and 6.3.3-r2; Session Smart Conductor installations with equivalent version ranges; and WAN Assurance Managed Routers matching these parameters. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. This cryptographic failure enables unauthorized access to the /api/v1/config endpoint, where attackers can deploy malicious routing policies or exfiltrate session keys through GET requests to /api/v1/system/security/keys. As enterprises accelerate SDN adoption, this incident reinforces the necessity of continuous API security validation through DAST (Dynamic Application Security Testing) and runtime protection mechanisms.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 18 Feb 2025 10:35:14 +0000


Cyber News related to Juniper Warns of Critical Authentication Bypass Vulnerability Affecting Multiple Products

Juniper Support Portal Exposed Customer Device Info - Until earlier this week, the support website for networking equipment vendor Juniper Networks was exposing potentially sensitive information tied to customer products, including which devices customers bought, as well as each product's warranty ...
1 year ago Krebsonsecurity.com
Juniper warns of critical RCE bug in its firewalls and switches - Juniper Networks has released security updates to fix a critical pre-auth remote code execution vulnerability in its SRX Series firewalls and EX Series switches. Found in the devices' J-Web configuration interfaces and tracked as CVE-2024-21591, this ...
1 year ago Bleepingcomputer.com CVE-2024-21591 CVE-2023-36844 CVE-2023-36845 CVE-2023-36846 CVE-2023-36847
CISA warns of actively exploited Juniper pre-auth RCE exploit chain - CISA warned federal agencies today to secure Juniper devices on their networks by Friday against four vulnerabilities now used in remote code execution attacks as part of a pre-auth exploit chain. The alert comes one week after Juniper updated its ...
1 year ago Bleepingcomputer.com
Passwordless Login: Effortless Authentication - Let's explore how passwordless login paves the way for seamless and secure user authentication, fostering trust and loyalty. The Password Dilemma Though conventional complex password-based authentication has long been a cornerstone of robust ...
1 year ago Feeds.dzone.com
Juniper patches critical auth bypass in Session Smart routers - "An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allow a network-based attacker to bypass authentication and take administrative control of the device," the American networking ...
2 months ago Bleepingcomputer.com CVE-2024-2973
Juniper releases out-of-cycle fix for max severity auth bypass flaw - Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router, Session Smart Conductor, and WAN Assurance Router products. The security issue is tracked as ...
9 months ago Bleepingcomputer.com CVE-2024-2973
Juniper releases out-of-cycle fix for max severity auth bypass flaw - Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router, Session Smart Conductor, and WAN Assurance Router products. The security issue is tracked as ...
9 months ago Bleepingcomputer.com CVE-2024-2973
What Is Kerberos Authentication?: Implementing Effective Security Protocols - Kerberos is a vital security protocol that any serious computer user must be familiar with. It is an open standard that provides a secure way of verifying the identity of user across multiple systems. The Kerberos authentication protocol is a ...
2 years ago Heimdalsecurity.com
Juniper Warns of Critical Authentication Bypass Vulnerability Affecting Multiple Products - Juniper Networks has issued an urgent security advisory addressing a critical API authentication bypass vulnerability (CVE-2025-21589) affecting its Session Smart Router, Session Smart Conductor, and WAN Assurance Managed Router product lines. ...
2 months ago Cybersecuritynews.com CVE-2025-21589
VMWare discloses critical VCD Appliance auth bypass with no patch - VMware disclosed a critical and unpatched authentication bypass vulnerability affecting Cloud Director appliance deployments. Cloud Director enables VMware admins to manage their organizations' cloud services as part of Virtual Data Centers. The auth ...
1 year ago Bleepingcomputer.com CVE-2023-34060
CISA Warns of Juniper Junos OS Improper Isolation Vulnerability Exploited in Wild - Mandiant’s research indicated that the attackers were exploiting end-of-life Juniper MX routers running older versions of Junos OS and were able to bypass the operating system’s Veriexec security subsystem by injecting malicious code into ...
1 month ago Cybersecuritynews.com CVE-2025-24201
How to Use Context-Based Authentication to Improve Security - One of the biggest security weak points for organizations involves their authentication processes. Context-based authentication offers an important tool in the battle against credential stuffing, man-in-the-middle attacks, MFA prompt bombing, and ...
1 year ago Securityboulevard.com
Top 10 Best Passwordless Authentication Tools in 2025 - Auth0 provides a flexible authentication and authorization platform that supports passwordless login methods, enhancing security and user experience by eliminating the need for traditional passwords. Okta provides a robust identity and access ...
1 month ago Cybersecuritynews.com
VMware fixes critical Cloud Director auth bypass unpatched for 2 weeks - VMware has fixed a critical authentication bypass vulnerability in Cloud Director appliance deployments, a bug that was left unpatched for over two weeks since it was disclosed on November 14th. Cloud Director is a VMware platform that enables admins ...
1 year ago Bleepingcomputer.com CVE-2023-34060
Zyxel warns of multiple critical vulnerabilities in NAS devices - Zyxel has addressed multiple security issues, including three critical ones that could allow an unauthenticated attacker to execute operating system commands on vulnerable network-attached storage devices. Zyxel NAS systems are used for storing data ...
1 year ago Bleepingcomputer.com CVE-2023-35137 CVE-2023-35138
Selecting an Authentication Protocol for Your Business - Authentication protocols serve as the backbone of online security, enabling users to confirm their identities securely and access protected information and services. The protocols exchange information to verify the validity of the authentication ...
1 year ago Darkreading.com
CVE-2022-22184 - An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). If a BGP update message is received ...
2 years ago
CISA: Critical Ivanti auth bypass bug now actively exploited - CISA warns that a critical authentication bypass vulnerability in Ivanti's Endpoint Manager Mobile and MobileIron Core device management software is now under active exploitation. Tracked as CVE-2023-35082, the flaw is a remote unauthenticated API ...
1 year ago Bleepingcomputer.com CVE-2023-35082
Protecting Networks from Opportunistic Ivanti Pulse Secure Vulnerability Exploitation - Juniper Threat Labs has been monitoring exploitation attempts targeting an Ivanti Pulse Secure authentication bypass with remote code execution vulnerabilities. We have observed instances of Mirai botnet delivery in the wild, using this exploit with ...
11 months ago Blogs.juniper.net CVE-2023-46805 CVE-2024-21887
Hewlett Packard Enterprise Acquire Juniper Networks - HPE to acquire Juniper Networks for $14 billion in cash, in a move to bolster its AI networking credentials. Hewlett Packard Enterprise, a veteran of the tech industry, has confirmed a multi billion dollar acquisition of Juniper Networks. HPE ...
1 year ago Silicon.co.uk
Biometric Authentication in Business: Enhancing Security - With its high level of security, convenience, user-friendliness, and accuracy, biometric authentication is paving the way for the future of secure authentication in the business world. One of the primary advantages of implementing biometric ...
1 year ago Securityzap.com
CERT-UA warns of malware campaign conducted by threat actor UAC-0006 - Threat actors may have exploited a zero-day in older iPhones, Apple warns. Microsoft fixed two zero-day bugs exploited in malware attacks. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. Recent DarkGate campaign exploited ...
10 months ago Securityaffairs.com CVE-2023-49103 CVE-2023-46747 CVE-2023-46748 CVE-2023-4966 CVE-2023-3519
Critical Juniper Networks RCE bug impacts heaps of devices The Register - More than 11,500 Juniper Networks devices are exposed to a new remote code execution vulnerability, and infosec researchers are pressing admins to urgently apply the patches. It's somewhat of a repeat scenario for Juniper Networks, which only ...
1 year ago Go.theregister.com CVE-2024-21591
Juniper patches bug that let Chinese cyberspies backdoor routers - Earlier this year, Black Lotus Labs researchers said that unknown threat actors have been targeting Juniper edge devices (many acting as VPN gateways) with J-magic malware that opens a reverse shell if it detects a "magic packet" in the network ...
1 month ago Bleepingcomputer.com CVE-2025-21590
Atlassian warns of 4 new critical vulnerabilities affecting Jira, Confluence, Bitbucket - Atlassian Jira, Confluence, Bitbucket and macOS Companion app users are warned to update their software immediately due to four critical vulnerabilities allowing for remote code execution. Atlassian, an Australian software company, has more than ...
1 year ago Packetstormsecurity.com CVE-2023-22518 CVE-2023-22522 CVE-2023-22523

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)