Critical Vulnerability Affecting Juniper Devices

Published on 02 Jul 2024

Juniper has released security updates to address a critical vulnerability (CVE-2024-2973) in their smart router and conductor products. The vulnerability has a maximum CVSSv4 score of 10 out of 10.

The vulnerability affects Juniper Networks Session Smart Router or Conductor running with a redundant peer. Successful exploitation of the vulnerability could allow an unauthenticated attacker to bypass authentication and gain remote control of the device.

The vulnerability affects the following product versions:

Session Smart Router & Conductor:
  • All versions before 5.6.15
  • From 6.0 before 6.1.9-lts
  • From 6.2 before 6.2.5-sts
WAN Assurance Router:
  • 6.0 versions before 6.1.9-lts
  • 6.2 versions before 6.2.5-sts
Users and administrators of affected product versions are advised to update to the latest versions immediately.

More information is available here: