Security News > 2024 > June > Juniper releases out-of-cycle fix for max severity auth bypass flaw

Juniper releases out-of-cycle fix for max severity auth bypass flaw
2024-06-30 15:14

Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router, Session Smart Conductor, and WAN Assurance Router products.

"An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or Conductor running with a redundant peer allows a network-based attacker to bypass authentication and take full control of the device," reads the description of the vulnerability.

Juniper also notes that upgrading Conductor nodes is enough to apply the fix automatically to connected routers, but routers should still be upgraded to the latest available version.

Hackers target new MOVEit Transfer critical auth bypass bug.

ASUS warns of critical remote authentication bypass on 7 routers.

Exploit for critical Veeam auth bypass available, patch now.


News URL

https://www.bleepingcomputer.com/news/security/juniper-releases-out-of-cycle-fix-for-max-severity-auth-bypass-flaw/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Juniper 220 108 436 234 44 822