Juniper Networks has launched safety updates to handle a important safety flaw impacting Session Good Router, Session Good Conductor, and WAN Assurance Router merchandise that might be exploited to hijack management of vulnerable units.
Tracked as CVE-2025-21589, the vulnerability carries a CVSS v3.1 rating of 9.8 and a CVS v4 rating of 9.3.
“An Authentication Bypass Utilizing an Alternate Path or Channel vulnerability in Juniper Networks Session Good Router could permit a network-based attacker to bypass authentication and take administrative management of the machine,” the corporate said in an advisory.
The vulnerability impacts the next merchandise and variations –
- Session Good Router: From 5.6.7 earlier than 5.6.17, from 6.0.8, from 6.1 earlier than 6.1.12-lts, from 6.2 earlier than 6.2.8-lts, and from 6.3 earlier than 6.3.3-r2
- Session Good Conductor: From 5.6.7 earlier than 5.6.17, from 6.0.8, from 6.1 earlier than 6.1.12-lts, from 6.2 earlier than 6.2.8-lts, and from 6.3 earlier than 6.3.3-r2
- WAN Assurance Managed Routers: From 5.6.7 earlier than 5.6.17, from 6.0.8, from 6.1 earlier than 6.1.12-lts, from 6.2 earlier than 6.2.8-lts, and from 6.3 earlier than 6.3.3-r2
Juniper Networks stated the vulnerability was found throughout inside product safety testing and analysis, and that it isn’t conscious of any malicious exploitation.
The flaw has been addressed in Session Good Router variations SSR-5.6.17, SSR-6.1.12-lts, SSR-6.2.8-lts, SSR-6.3.3-r2, and later.
“This vulnerability has been patched routinely on units that function with WAN Assurance (the place configuration can be managed) linked to the Mist Cloud,” the corporate added. “As sensible, the routers ought to nonetheless be upgraded to a model containing the repair.”
Source link