Upgrade now! Juniper releases patch for critical authentication bypass

Juniper Networks has released an out-of-cycle upgrade for a CVSS 10 vulnerability.

Juniper Networks has released an out-of-cycle upgrade to deal with a critical authentication bypass vulnerability. Upgrade as soon as you can.

The vulnerability, CVE-2024-2973, affects Session Smart Router and Session Smart Conductor in all versions before 5.6.15, in versions from 6.0 before 6.1.9-lts, and in versions from 6.2 before 6.2.5-sts. It also affects WAN Assurance Router in 6.0 versions before 6.1.9-lts and in 6.2 versions before 6.2.5-sts.

Juniper says that the vulnerability has been patched automatically on affected devices for Mist managed WAN Assurance routers connected to the Mist Cloud.

It also says that in a Conductor-managed deployment, it is enough to upgrade the Conductor nodes to protect yourself. The connected routers should still be upgraded to a fixed version, but they will not be vulnerable once they connect to an upgraded Conductor.

Finally, it wants users to note that the fix is applied automatically on routers managed by a Conductor or on WAN Assurance routers, that it has no impact on the data-plane functions of the router, and that applying it is non-disruptive to production traffic.
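To check a device inventory against the version ranges listed above, the following added example (not Juniper's or this article's own code) flags hosts that still run an affected release. The hostnames, product labels and inventory format are hypothetical, and it assumes version strings begin with MAJOR.MINOR.PATCH, with suffixes such as -lts or -sts ignored.

```python
import re

# Affected ranges from the article: (inclusive lower bound or None, first fixed release).
SSR_RANGES = [
    (None, (5, 6, 15)),        # all versions before 5.6.15
    ((6, 0, 0), (6, 1, 9)),    # from 6.0 before 6.1.9-lts
    ((6, 2, 0), (6, 2, 5)),    # from 6.2 before 6.2.5-sts
]
AFFECTED = {
    "ssr": SSR_RANGES,
    "conductor": SSR_RANGES,
    "wan-assurance": SSR_RANGES[1:],  # only the 6.0 and 6.2 trains are listed
}

def parse_version(text):
    """Return (major, minor, patch); suffixes such as -lts/-sts are ignored (assumption)."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def is_affected(product, version):
    """True if the version falls in a range the article lists for this product."""
    v = parse_version(version)
    return any((low is None or v >= low) and v < fixed
               for low, fixed in AFFECTED[product])

def triage(inventory):
    """Map host -> 'upgrade', 'ok' or 'review' (unknown product or unparsable version)."""
    result = {}
    for host, product, version in inventory:
        try:
            result[host] = "upgrade" if is_affected(product, version) else "ok"
        except (KeyError, ValueError):
            result[host] = "review"
    return result

# Constructed inventory; hostnames and product labels are hypothetical.
SAMPLE = [
    ("edge-rtr-01", "ssr", "5.6.14"),
    ("edge-rtr-02", "ssr", "6.1.9-lts"),
    ("conductor-a", "conductor", "6.2.4"),
    ("branch-wan-7", "wan-assurance", "6.0.8"),
    ("lab-rtr-03", "ssr", "unknown"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

The check is by version only, so a router managed by an already upgraded Conductor is still reported as "upgrade", in line with the advice that connected routers should be upgraded to a fixed version anyway.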

The vulnerability was found by internal testing, and the Juniper security incident response team (SIRT) is not aware of any malicious exploitation. However, the CVSS score of 10 out of 10 and Juniper’s decision to issue an out-of-cycle update both underline the urgency of applying the upgrade.

The authentication bypass would allow a successful network-based attacker to take full control of a device. It relies on the ability to use an alternate path or channel for Juniper Networks Session Smart Router or Conductor running with a redundant peer. This means that if the router or conductor has a backup—for reliability—an attacker can take advantage of this vulnerability to get around authentication checks.

Network peripherals are always an attractive target for ransomware groups and other cybercriminals. As a first point of entry, they usually provide means for further access since they are widely connected, they often have access to sensitive data, and since they usually run without human interaction they are sometimes overlooked in security.

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
  • Prevent intrusions. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like ThreatDown EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.