{ "id": "CVE-2024-2973", "sourceIdentifier": "sirt@juniper.net", "published": "2024-06-27T21:15:15.037", "lastModified": "2024-11-21T09:10:57.817", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device.\nOnly routers or conductors that are running in high-availability redundant configurations are affected by this vulnerability.\n\n\n\n\nNo other Juniper Networks products or platforms are affected by this issue.\n\n\n\n\n\nThis issue affects:\n\nSession Smart Router:\u00a0\n\n\n\n * All versions before 5.6.15,\u00a0\n * from 6.0 before 6.1.9-lts,\u00a0\n * from 6.2 before 6.2.5-sts.\n\n\n\nSession Smart Conductor:\u00a0\n\n\n\n * All versions before 5.6.15,\u00a0\n * from 6.0 before 6.1.9-lts,\u00a0\n * from 6.2 before 6.2.5-sts.\u00a0\n\n\n\nWAN Assurance Router:\u00a0\n\n\n\n * 6.0 versions before 6.1.9-lts,\u00a0\n * 6.2 versions before 6.2.5-sts." }, { "lang": "es", "value": "Una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n mediante una ruta o canal alternativo en el enrutador o conductor inteligente de sesi\u00f3n de Juniper Networks que se ejecuta con un par redundante permite a un atacante basado en la red omitir la autenticaci\u00f3n y tomar el control total del dispositivo. Esta vulnerabilidad solo afecta a los enrutadores o conductores que se ejecutan en configuraciones redundantes de alta disponibilidad. Este problema no afecta a ning\u00fan otro producto o plataforma de Juniper Networks. Este problema afecta a: Session Smart Router: * Todas las versiones anteriores a 5.6.15, * desde 6.0 anteriores a 6.1.9-lts, * desde 6.2 anteriores a 6.2.5-sts. Session Smart Conductor: *Todas las versiones anteriores a 5.6.15, *desde 6.0 antes de 6.1.9-lts, *desde 6.2 antes de 6.2.5-sts. Enrutador de garant\u00eda de WAN: * Versiones 6.0 anteriores a 6.1.9-lts, * Versiones 6.2 anteriores a 6.2.5-sts." } ], "metrics": { "cvssMetricV40": [ { "source": "sirt@juniper.net", "type": "Secondary", "cvssData": { "version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:C/RE:M/U:Red", "baseScore": 10.0, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "YES", "Recovery": "NOT_DEFINED", "valueDensity": "CONCENTRATED", "vulnerabilityResponseEffort": "MODERATE", "providerUrgency": "RED" } } ], "cvssMetricV31": [ { "source": "sirt@juniper.net", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 10.0, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 6.0 } ] }, "weaknesses": [ { "source": "sirt@juniper.net", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-288" } ] } ], "references": [ { "url": "https://support.juniper.net/support/eol/software/ssr/", "source": "sirt@juniper.net" }, { "url": "https://supportportal.juniper.net/JSA83126", "source": "sirt@juniper.net" }, { "url": "https://support.juniper.net/support/eol/software/ssr/", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://supportportal.juniper.net/JSA83126", "source": "af854a3a-2127-422b-91ae-364da2661108" } ] }