{"id":4272,"date":"2024-07-01T13:20:22","date_gmt":"2024-07-01T18:20:22","guid":{"rendered":"https:\/\/www.darkreading.com\/ics-ot-security\/juniper-rushes-out-emergency-patch-for-critical-smart-router-flaw"},"modified":"2024-07-01T13:20:22","modified_gmt":"2024-07-01T18:20:22","slug":"juniper-rushes-out-emergency-patch-for-critical-smart-router-flaw","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/07\/01\/juniper-rushes-out-emergency-patch-for-critical-smart-router-flaw\/","title":{"rendered":"Juniper Rushes Out Emergency Patch for Critical Smart Router Flaw"},"content":{"rendered":"<div class=\"media_block\"><a href=\"https:\/\/i0.wp.com\/eu-images.contentstack.com\/v3\/assets\/blt6d90778a997de1cd\/blteed444452887dbb5\/6682eeba3a6e64fd2d57c20f\/Juniper_Networks_crop_John_Crowe_Alamy.jpg?ssl=1\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/juniper-rushes-out-emergency-patch-for-critical-smart-router-flaw.jpg?w=640&#038;ssl=1\" class=\"media_thumbnail\"><\/a><\/div>\n<div><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/juniper-rushes-out-emergency-patch-for-critical-smart-router-flaw.jpg?w=640&#038;ssl=1\" class=\"ff-og-image-inserted\"><\/div>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Juniper Networks has released an emergency patch for a critical authentication bypass vulnerability that has been assigned the highest possible CVSS score of 10.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The vulnerability, tracked under CVE-2024-2973, affects the Juniper Networks Session Smart Router, Session Smart Conductor, and WAN Assurance Router, and could allow a threat actor to take full control of an unpatched device.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&#8220;Only Routers or Conductors that are running in high-availability redundant configurations are affected by this vulnerability,&#8221; the <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/supportportal.juniper.net\/s\/article\/2024-06-Out-Of-Cycle-Security-Bulletin-Session-Smart-Router-SSR-On-redundant-router-deployments-API-authentication-can-be-bypassed-CVE-2024-2973?language=en_US\" rel=\"noopener\">emergency security advisory<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> said.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/d-link-routers-vulnerable-to-takeover-via-exploit-for-zero-day\" rel=\"noopener\">The router flaw<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> was found during internal security testing, and Juniper Networks added there is no evidence the bug has yet been exploited in the wild. The company recommended immediate updates to Session Smart Routers&nbsp;SSR-5.6.15, SSR-6.1.9-lts, SSR-6.2.5-sts, and subsequent releases.&nbsp;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&#8220;In a Conductor-managed deployment, it is sufficient to upgrade the Conductor nodes only and the fix will be applied automatically to all connected routers,&#8221; Juniper&#8217;s advisory added. &#8220;As practical, the routers should still be upgraded to a fixed version however they will not be vulnerable once they connect to an upgraded Conductor.&#8221;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Managed routers will be automatically updated, which won&#8217;t impact any data plane router functions, Juniper assured its customers.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&#8220;The application of the fix is non-disruptive to production traffic,&#8221; Juniper said. &#8220;There may be a momentary downtime (less than 30 seconds) to the web-based management and APIs however this will resolve quickly.&#8221;<\/span><\/p>\n<p><a href=\"https:\/\/www.darkreading.com\/ics-ot-security\/juniper-rushes-out-emergency-patch-for-critical-smart-router-flaw\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Juniper Networks has released an emergency patch for a critical<\/p>\n","protected":false},"author":12,"featured_media":4273,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-4272","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/juniper-rushes-out-emergency-patch-for-critical-smart-router-flaw-scaled.jpg?fit=2560%2C1368&ssl=1",2560,1368,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/juniper-rushes-out-emergency-patch-for-critical-smart-router-flaw-scaled.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/juniper-rushes-out-emergency-patch-for-critical-smart-router-flaw-scaled.jpg?fit=300%2C160&ssl=1",300,160,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/juniper-rushes-out-emergency-patch-for-critical-smart-router-flaw-scaled.jpg?fit=640%2C342&ssl=1",640,342,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/juniper-rushes-out-emergency-patch-for-critical-smart-router-flaw-scaled.jpg?fit=640%2C342&ssl=1",640,342,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/juniper-rushes-out-emergency-patch-for-critical-smart-router-flaw-scaled.jpg?fit=1536%2C821&ssl=1",1536,821,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/juniper-rushes-out-emergency-patch-for-critical-smart-router-flaw-scaled.jpg?fit=2048%2C1094&ssl=1",2048,1094,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/juniper-rushes-out-emergency-patch-for-critical-smart-router-flaw-scaled.jpg?fit=1024%2C547&ssl=1",1024,547,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/juniper-rushes-out-emergency-patch-for-critical-smart-router-flaw-scaled.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/juniper-rushes-out-emergency-patch-for-critical-smart-router-flaw-scaled.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/07\/juniper-rushes-out-emergency-patch-for-critical-smart-router-flaw-scaled.jpg?fit=2560%2C1368&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4272","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=4272"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4272\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/4273"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=4272"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=4272"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=4272"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}