On June 28, 2024, Juniper released fixes for CVE-2024-3937, a critical authentication bypass vulnerability discovered during internal testing. Juniper has stated that the vulnerability affects only Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products running in high-availability redundant configurations. Such redundant configurations are frequently deployed to support critical infrastructure networks, including data centers, telecommunications, public services, and government operations. CVE-2024-3937 allows remote threat actors to bypass authentication and take full control of an affected device.
Arctic Wolf has not observed active exploitation of this vulnerability or identified publicly available proof-of-concept (PoC) exploit code. Nevertheless, threat actors may target this vulnerability in the near future, given the potential level of access they could achieve upon compromise. In 2023, threat actors targeted Juniper firewalls and switches using an exploit chain involving four vulnerabilities shortly after their disclosure.
Recommendation for CVE-2024-3937
Upgrade to Latest Fixed Versions
Arctic Wolf strongly recommends that customers upgrade to the latest versions.
Product | Affected Versions | Fixed Version
Session Smart Router | |
Session Smart Conductor | |
WAN Assurance Router | |
Note: In a Conductor-managed deployment, upgrading the Conductor nodes is sufficient; the fix is then applied automatically to all connected routers. This also covers Mist-managed WAN Assurance routers connected to the Mist Cloud, where the vulnerability has already been patched automatically. Applying the fix through the Conductor or to WAN Assurance routers does not affect router data-plane functions: the process is non-disruptive to production traffic, with at most momentary downtime (less than 30 seconds) for web-based management and APIs.
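As an added example (not Arctic Wolf's or Juniper's code), the following Python helper encodes the scoping and remediation rules above into an inventory triage: only the named products in HA redundant configurations are in scope, Conductor-managed routers are fixed by upgrading the Conductor, and Mist-connected WAN Assurance routers were patched through the Mist Cloud. Device names and every version number are constructed placeholders, because the fixed versions are not listed here.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Products the advisory names as affected (only in HA redundant configurations).
AFFECTED_PRODUCTS = {"Session Smart Router", "Session Smart Conductor", "WAN Assurance Router"}

@dataclass
class Device:
    name: str
    product: str
    version: str                      # running software version, numeric dotted form
    ha_redundant: bool                # deployed in a high-availability redundant configuration
    managed_by: Optional[str] = None  # "conductor", "mist", or None for standalone management

def parse_version(v: str) -> tuple:
    """Turn a numeric dotted version string into a comparable tuple of integers."""
    return tuple(int(part) for part in v.split("."))

def triage(dev: Device, fixed_versions: Dict[str, str]) -> str:
    """Classify one device against the advisory's scoping and remediation rules."""
    if dev.product not in AFFECTED_PRODUCTS:
        return "out-of-scope"
    if not dev.ha_redundant:
        return "not-affected"            # advisory: only HA redundant configurations are affected
    fixed = fixed_versions.get(dev.product)
    if fixed is None:
        return "unknown-fixed-version"   # cannot decide without the vendor's fixed version
    if parse_version(dev.version) >= parse_version(fixed):
        return "fixed"
    if dev.product == "WAN Assurance Router" and dev.managed_by == "mist":
        return "patched-via-mist-cloud"  # Mist-connected routers were patched automatically
    if dev.managed_by == "conductor":
        return "upgrade-conductor"       # upgrading the Conductor nodes applies the fix to its routers
    return "upgrade-directly"

def triage_inventory(devices: List[Device], fixed_versions: Dict[str, str]) -> Dict[str, str]:
    """Map each device name to its triage status."""
    return {d.name: triage(d, fixed_versions) for d in devices}

# Constructed sample data. These version numbers are placeholders, NOT Juniper's real fixed versions.
SAMPLE_FIXED = {p: "9.9.9" for p in AFFECTED_PRODUCTS}
SAMPLE_INVENTORY = [
    Device("ssr-edge-1", "Session Smart Router", "9.8.0", True, "conductor"),
    Device("ssr-edge-2", "Session Smart Router", "9.8.0", False),
    Device("conductor-1", "Session Smart Conductor", "9.8.0", True),
    Device("wan-branch-7", "WAN Assurance Router", "9.8.0", True, "mist"),
    Device("ssr-lab", "Session Smart Router", "9.9.9", True),
]

if __name__ == "__main__":
    for name, status in triage_inventory(SAMPLE_INVENTORY, SAMPLE_FIXED).items():
        print(f"{name:14} {status}")
```

Replace SAMPLE_FIXED with the fixed versions from the vendor advisory before running this against a real inventory.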