cve/2024/CVE-2024-2973.md

### [CVE-2024-2973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2973)
![](https://img.shields.io/static/v1?label=Product&message=Session%20Smart%20Conductor&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Session%20Smart%20Router&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=WAN%20Assurance%20Router&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-288%20Authentication%20Bypass%20Using%20an%20Alternate%20Path%20or%20Channel&color=brightgreen)

### Description

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device.Only routers or conductors that are running in high-availability redundant configurations are affected by this vulnerability.No other Juniper Networks products or platforms are affected by this issue.This issue affects:Session Smart Router:   *  All versions before 5.6.15,   *  from 6.0 before 6.1.9-lts,   *  from 6.2 before 6.2.5-sts.Session Smart Conductor:   *  All versions before 5.6.15,   *  from 6.0 before 6.1.9-lts,   *  from 6.2 before 6.2.5-sts. WAN Assurance Router:   *  6.0 versions before 6.1.9-lts,   *  6.2 versions before 6.2.5-sts.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/tanjiti/sec_profile