Analysis Summary

Juniper Networks has released out-of-band security updates to address a critical vulnerability, CVE-2024-2973, in some of its routers. This flaw carrying a maximum CVSS score of 10.0 could allow an attacker to bypass authentication and take full control of the affected devices.

The vulnerability specifically impacts Juniper Networks Session Smart Router or Conductor running in high-availability redundant configurations. This critical issue was discovered during internal product testing and there have been no reports of active exploitation in the wild.

The company said in an advisory that the affected devices include Session Smart Router (all versions before 5.6.15, from 6.0 before 6.1.9-lts, and from 6.2 before 6.2.5-sts), Session Smart Conductor (all versions before 5.6.15, from 6.0 before 6.1.9-lts, and from 6.2 before 6.2.5-sts) and WAN Assurance Router (6.0 versions before 6.1.9-lts and 6.2 versions before 6.2.5-sts). Juniper Networks which was recently acquired by Hewlett Packard Enterprise (HPE) for approximately $14 billion emphasized the importance of applying these patches promptly to prevent potential security breaches.

The company has noted that the vulnerability has been patched automatically on affected devices managed through the Mist Cloud for MIST-managed WAN Assurance routers. This automated fix has no impact on the data-plane functions of the router ensuring minimal disruption to network operations. However, Juniper Networks highlighted that there are no available workarounds to mitigate this issue making the application of the provided patches crucial for maintaining network security.

Earlier in January 2024, Juniper Networks addressed another critical vulnerability (CVE-2024-21591) in the same products which could enable attackers to cause a denial-of-service (DoS) or remote code execution and obtain root privileges. Given the history of security flaws affecting Juniper's SRX firewalls and EX switches being exploited by threat actors, users need to stay vigilant and ensure that all necessary patches are applied to protect their network infrastructure from potential threats.

Impact

• Security Bypass
• Unauthorized Access

Indicators of Compromise

CVE

• CVE-2024-2973

Affected Vendors

Remediation

• Refer to Juniper Networks Security Advisory for patch, upgrade, or suggested workaround information.
• Ensure that all affected devices are updated with the latest security patches provided by Juniper Networks.
• Check and verify that the firmware versions on Session Smart Routers, Session Smart Conductors, and WAN Assurance Routers are updated to versions 5.6.15 or later, 6.1.9-lts or later, and 6.2.5-sts or later.
• Temporarily disable high-availability redundant configurations if immediate patching is not possible.
• Continuously monitor network traffic for any unusual activity or signs of attempted exploitation.
• Ensure strong access controls are in place, limiting access to network devices to authorized personnel only.
• Conduct regular security audits and vulnerability assessments to identify and address any potential security issues.
• Enable automatic updates for managed devices to ensure timely application of security patches.
• Keep up to date with the latest security advisories and updates from Juniper Networks and other relevant sources.
• Use network segmentation to isolate critical devices and reduce the attack surface.
• Regularly backup device configurations to ensure a quick recovery in case of a security incident.