Juniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication bypass in some of its routers. The vulnerability, tracked as CVE-2024-2973, carries a CVSS score of 10.0, indicating maximum severity. "An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or Conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device," the company said in an advisory issued last week. According to Juniper Networks, the shortcoming affects only those routers or conductors that are running in high-availability redundant configurations. The list of impacted devices is listed below – Session Smart Router (all versions before 5.6.15, from 6.0 before 6.1.9-lts, and from 6.2 before 6.2.5-sts) Session Smart Conductor (all versions before 5.6.15, from 6.0 before 6.1.9-lts, and from 6.2 before 6.2.5-sts) WAN Assurance Router (6.0 versions before 6.1.9-lts and 6.2 versions before 6.2.5-sts) The networking equipment maker, which was bought out by Hewlett Packard Enterprise (HPE) for approximately $14 billion earlier this year, said it found no evidence of active exploitation of the flaw in the wild. It also said that it discovered the vulnerability during internal product testing and that there are no workarounds that resolve the issue. "This vulnerability has been patched automatically on affected…Read More