Описание
An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device. Only routers or conductors that are running in high-availability redundant configurations are affected by this vulnerability.
No other Juniper Networks products or platforms are affected by this issue.
This issue affects:
Session Smart Router:
- All versions before 5.6.15,
- from 6.0 before 6.1.9-lts,
- from 6.2 before 6.2.5-sts.
Session Smart Conductor:
- All versions before 5.6.15,
- from 6.0 before 6.1.9-lts,
- from 6.2 before 6.2.5-sts.
WAN Assurance Router:
- 6.0 versions before 6.1.9-lts,
- 6.2 versions before 6.2.5-sts.
EPSS
10 Critical
CVSS3
Дефекты
Связанные уязвимости
An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device. Only routers or conductors that are running in high-availability redundant configurations are affected by this vulnerability. No other Juniper Networks products or platforms are affected by this issue. This issue affects: Session Smart Router: * All versions before 5.6.15, * from 6.0 before 6.1.9-lts, * from 6.2 before 6.2.5-sts. Session Smart Conductor: * All versions before 5.6.15, * from 6.0 before 6.1.9-lts, * from 6.2 before 6.2.5-sts. WAN Assurance Router: * 6.0 versions before 6.1.9-lts, * 6.2 versions before 6.2.5-sts.
Уязвимость прикладного программного интерфейса маршрутизаторов Session Smart Router и WAN Assurance, Session Smart Conductor, связанная с обходом процедуры аутентификации посредством использования альтернативного пути или канала, позволяющая нарушителю получить полный контроль над устройством
EPSS
10 Critical
CVSS3