Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-21589

Опубликовано: 27 янв. 2026
Источник: nvd
CVSS3: 9.8
EPSS Низкий

Описание

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allows a network-based attacker to bypass authentication and take administrative control of the device.

This issue affects Session Smart Router: 

  • from 5.6.7 before 5.6.17, 

  • from 6.0 before 6.0.8 (affected from 6.0.8),

  • from 6.1 before 6.1.12-lts, 

  • from 6.2 before 6.2.8-lts, 

  • from 6.3 before 6.3.3-r2; 

This issue affects Session Smart Conductor: 

  • from 5.6.7 before 5.6.17, 

  • from 6.0 before 6.0.8 (affected from 6.0.8),

  • from 6.1 before 6.1.12-lts, 

  • from 6.2 before 6.2.8-lts, 

  • from 6.3 before 6.3.3-r2; 

This issue affects WAN Assurance Managed Routers: 

  • from 5.6.7 before 5.6.17, 

  • from 6.0 before 6.0.8 (affected from 6.0.8),

  • from 6.1 before 6.1.12-lts, 

  • from 6.2 before 6.2.8-lts, 

  • from 6.3 before 6.3.3-r2.

Ссылки

EPSS

Процентиль: 14%
0.00046
Низкий

9.8 Critical

CVSS3

Дефекты

CWE-288

Связанные уязвимости

github логотип

GHSA-vjjg-c428-g9r3

CVSS3: 9.8
github
11 дней назад

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allows a network-based attacker to bypass authentication and take administrative control of the device. This issue affects Session Smart Router:  * from 5.6.7 before 5.6.17,  * from 6.0 before 6.0.8 (affected from 6.0.8), * from 6.1 before 6.1.12-lts,  * from 6.2 before 6.2.8-lts,  * from 6.3 before 6.3.3-r2;  This issue affects Session Smart Conductor:  * from 5.6.7 before 5.6.17,  * from 6.0 before 6.0.8 (affected from 6.0.8), * from 6.1 before 6.1.12-lts,  * from 6.2 before 6.2.8-lts,  * from 6.3 before 6.3.3-r2;  This issue affects WAN Assurance Managed Routers:  * from 5.6.7 before 5.6.17,  * from 6.0 before 6.0.8 (affected from 6.0.8), * from 6.1 before 6.1.12-lts,  * from 6.2 before 6.2.8-lts,  * from 6.3 before 6.3.3-r2.

fstec логотип

BDU:2025-04020

CVSS3: 9.8
fstec
12 месяцев назад

Уязвимость прикладного программного интерфейса маршрутизаторов Session Smart Router и WAN Assurance, Session Smart Conductor, связанная с обходом процедуры аутентификации посредством использования альтернативного пути или канала, позволяющая нарушителю получить полный контроль над устройством

EPSS

Процентиль: 14%
0.00046
Низкий

9.8 Critical

CVSS3

Дефекты

CWE-288