Juniper Session Smart routers have a critical flaw, so patch now

Juniper Networks says it found a critical flaw during internal testing
Session Smart routers bug has a 9.8 severity score and allows full device takeover
A patch is already available, so update now

Juniper Networks just released a patch for a critical vulnerability that allowed threat actors to take over Session Smart Routers (SSR).

In a security advisory, the company said that during internal testing, it discovered CVE-2025-21589, an authentication bypass vulnerability with a severity score of 9.8/10 (critical). This issue affects Session Smart Router, Session Smart Conductor, and WAN Assurance Managed Router – the affected endpoints include:

Session Smart Router:

from 5.6.7 before 5.6.17,
from 6.0.8,
from 6.1 before 6.1.12-lts,
from 6.2 before 6.2.8-lts,
from 6.3 before 6.3.3-r2;

Session Smart Conductor:

from 5.6.7 before 5.6.17,
from 6.0.8,
from 6.1 before 6.1.12-lts,
from 6.2 before 6.2.8-lts,
from 6.3 before 6.3.3-r2;

WAN Assurance Managed Routers:

from 5.6.7 before 5.6.17,
from 6.0.8,
from 6.1 before 6.1.12-lts,
from 6.2 before 6.2.8-lts,
from 6.3 before 6.3.3-r2.

No workarounds

Juniper said that there are no workarounds for this issue, and that the only way to safeguard the endpoints is to apply the patches: SSR-5.6.17, SSR-6.1.12-lts, SSR-6.2.8-lts, SSR-6.3.3-r2 and subsequent releases.

“In a Conductor-managed deployment, it is sufficient to upgrade only the Conductor nodes and the fix will be applied automatically to all connected routers,” Juniper explained. “As practical, the routers should still be upgraded to a fixed version however they will not be vulnerable once they connect to an upgraded Conductor. Router patching can be confirmed once the router reaches the “running” (on 6.2 and earlier) or “synchronized” (on 6.3+) state on the Conductor”.

Devices that operate with WAN Assurance, connected to the Mist Cloud, are automatically updated. The routers should still be upgraded, it was said.

So far, there is no evidence of the flaws being abused in the wild.

Via BleepingComputer

https://cdn.mos.cms.futurecdn.net/pQX7vZftvp4kjZhuJkt7yR-1200-80.jpg

Source link

Celebrate Apple’s 50th birthday with these deals on watches and AirPods

ChatGPT comes to Apple CarPlay but only if you are willing to talk to a robot

7 new horror movies on Netflix, Shudder, HBO Max, and more in April 2026

7 new horror movies on Netflix, Shudder, HBO Max, and more in April 2026

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Vir Das Sets Found-Footage Horror Film ‘Baara Number’

The Masked Singer Crowns Ashlee Simpson Season 14 Winner

‘That’s what I hate about celebrities’

10 Horror TV Shows & Movies To Watch After Something Very Bad Is Going To Happen

Factbox-How NASA’s Artemis II moon mission will unfold

Highness Microelectronics IPO set for strong debut as GMP signals healthy listing pop

Trump says Iran war’s core objectives near completion

Oil Price Today (April 2): Oil jumps 5% to cross $106/barrel after Trump’s comments erase de-escalation hopes

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Juniper Session Smart routers have a critical flaw, so patch now

Vir Das Sets Found-Footage Horror Film ‘Baara Number’

Factbox-How NASA’s Artemis II moon mission will unfold

The Masked Singer Crowns Ashlee Simpson Season 14 Winner

Highness Microelectronics IPO set for strong debut as GMP signals healthy listing pop