CVE-2024-2973

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device. Only routers or conductors that are running in high-availability redundant configurations are affected by this vulnerability.

No other Juniper Networks products or platforms are affected by this issue.

This issue affects:

Session Smart Router:

• All versions before 5.6.15,
• from 6.0 before 6.1.9-lts,
• from 6.2 before 6.2.5-sts.

Session Smart Conductor:

• All versions before 5.6.15,
• from 6.0 before 6.1.9-lts,
• from 6.2 before 6.2.5-sts.

WAN Assurance Router:

• 6.0 versions before 6.1.9-lts,
• 6.2 versions before 6.2.5-sts.