Juniper Networks has released an emergency patch for CVE-2024-2973, an authentication bypass affecting Session Smart Router (SSR), Session Smart Conductor and WAN Assurance Router. The vulnerability allows an attacker to take over a router remotely.
The affected systems are vulnerable only when running with a redundant peer. In that configuration, an attacker with network access to the device can bypass authentication and take full control of it.
Only routers and conductors running in high-availability redundant configurations are susceptible. Such configurations are used where continuous availability matters: to keep (network) services reachable at all times and to increase resilience against unforeseen disruptive incidents.
They are therefore common in large enterprise networks, datacenters, telecom networks, e-commerce platforms, and government and other public services.
Vulnerable versions and patch policies
The following Juniper Networks products are affected by the critical vulnerability:
- Session Smart Router and Session Smart Conductor: all versions before 5.6.15, 6.0 releases before 6.1.9-lts, and 6.2 releases before 6.2.5-sts
- WAN Assurance Router: 6.0 releases before 6.1.9-lts and 6.2 releases before 6.2.5-sts
The fix is included in Session Smart Router releases 5.6.15, 6.1.9-lts and 6.2.5-sts. WAN Assurance Routers connected to the Mist Cloud are patched automatically. Administrators of high-availability clusters still need to upgrade the affected SSR routers to SSR-6.1.9 or SSR-6.2.5.
For Conductor deployments, Juniper Networks states that upgrading the Conductor nodes is sufficient: the fix is then applied automatically to the routers they manage. Those routers should nevertheless still be upgraded to a fixed release.
No workarounds are available; Juniper's advice is simply to apply the patch.
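To turn the version ranges above into something an operator can run against a device inventory, here is an added example (not code from Juniper or from the original article) that classifies each device as affected, fixed, or not covered by the listed branches. The inventory format, host names and the `assess`/`run_inventory` helpers are assumptions for illustration; the fixed-version thresholds and the high-availability condition are taken from the advisory text above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Version string forms seen in the article: "5.6.15", "6.1.9-lts", "SSR-6.2.5-sts".
_VER_RE = re.compile(r"^(?:SSR-)?(\d+)\.(\d+)\.(\d+)(?:-(lts|sts))?$", re.IGNORECASE)


def parse_version(s: str) -> Tuple[int, int, int]:
    """Reduce a release string to a comparable (major, minor, patch) tuple."""
    m = _VER_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {s!r}")
    return tuple(int(x) for x in m.groups()[:3])  # type: ignore[return-value]


def fixed_release_for(product: str, ver: Tuple[int, int, int]):
    """Return (threshold, label) for the fixed release on the device's branch.

    Branches are taken from the advisory: SSR/Conductor 5.x -> 5.6.15,
    6.0/6.1 -> 6.1.9-lts, 6.2 -> 6.2.5-sts; WAN Assurance Router only lists
    the 6.x branches.  None means the branch is not listed at all.
    """
    major, minor, _ = ver
    if product in ("ssr", "conductor") and major < 6:
        return (5, 6, 15), "5.6.15"
    if major == 6 and minor <= 1:
        return (6, 1, 9), "6.1.9-lts"
    if major == 6 and minor == 2:
        return (6, 2, 5), "6.2.5-sts"
    return None


@dataclass
class Verdict:
    host: str
    affected: Optional[bool]      # True / False, or None when the branch is not listed
    reason: str
    upgrade_to: Optional[str] = None


def assess(host: str, product: str, version: str, ha_peer: bool) -> Verdict:
    """Classify one device. product is 'ssr', 'conductor' or 'wan' (assumed labels)."""
    ver = parse_version(version)
    fix = fixed_release_for(product, ver)
    if fix is None:
        # Do not silently call an unlisted branch safe; it needs a manual check.
        return Verdict(host, None, f"{version}: branch not listed in the advisory, verify manually")
    threshold, label = fix
    if ver >= threshold:
        return Verdict(host, False, f"{version} is at or above fixed release {label}")
    if not ha_peer:
        # Below the fixed release, but the bypass needs a redundant peer.
        return Verdict(host, False, f"{version} is below {label} but device has no redundant peer",
                       upgrade_to=label)
    return Verdict(host, True, f"{version} with redundant peer: authentication bypass reachable",
                   upgrade_to=label)


def run_inventory(rows: List[Tuple[str, str, str, bool]]) -> List[Verdict]:
    return [assess(*row) for row in rows]


# Constructed sample inventory (hostnames and versions are made up for the example):
# (host, product, running version, has redundant HA peer)
INVENTORY = [
    ("ssr-edge-01", "ssr", "6.1.8-lts", True),
    ("ssr-edge-02", "ssr", "SSR-6.2.5-sts", True),
    ("cond-01", "conductor", "5.6.14", True),
    ("branch-07", "ssr", "6.0.3", False),
    ("wan-13", "wan", "6.2.4-sts", True),
    ("lab-01", "ssr", "6.3.0", True),
]

if __name__ == "__main__":
    for v in run_inventory(INVENTORY):
        state = {True: "AFFECTED", False: "ok", None: "UNKNOWN"}[v.affected]
        tail = f" -> upgrade to {v.upgrade_to}" if v.upgrade_to else ""
        print(f"{v.host:12} {state:8} {v.reason}{tail}")
```

The check deliberately keeps three outcomes rather than a boolean: a device below the fixed release without a redundant peer is not exposed to this bypass but still gets an upgrade target, and a release on a branch the advisory does not mention is reported as unknown so it is not mistaken for patched.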
Switches and firewalls were previous targets
This is not the first time Juniper Networks equipment has come under attack. Last year, EX switches and SRX firewalls were hit by four vulnerabilities that attackers were subsequently found to be exploiting.